CVE-2018-6459
Description
Crafted RSASSA-PSS signatures missing an MGF parameter cause a denial-of-service crash in strongSwan 5.6.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crafted RSASSA-PSS signatures missing an MGF parameter cause a denial-of-service crash in strongSwan 5.6.1.
Vulnerability
In strongSwan 5.6.1, the rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c does not properly handle ASN.1 encoded RSASSA-PSS signature parameters that omit the mask generation function (MGF) parameter. When parsing such a crafted signature, an undefined stack read occurs, leading to a potential crash. This affects signatures in certificates and IKEv2 signature authentication (RFC 7427) [1].
Exploitation
An attacker sends a crafted RSASSA-PSS signature value (e.g., in a certificate or an IKEv2 authentication exchange) that lacks the MGF parameter. No prior authentication or special network position is required; the attacker merely needs to deliver the malformed input to a strongSwan 5.6.1 system [1].
Impact
Successful exploitation causes a denial-of-service crash of the strongSwan process. Remote code execution is not possible [1]. The crash may disrupt IPsec VPN services or other IKE-based communications.
Mitigation
strongSwan 5.6.2, released on February 19, 2018, fixes the vulnerability. A patch is also available for 5.6.1 [1]. Gentoo users should upgrade to >=net-vpn/strongswan-5.7.1 [2]. No workaround exists for unpatched installations.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: =5.6.1
- osv-coords3 versionspkg:rpm/opensuse/strongswan&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/strongswan&distro=openSUSE%20Tumbleweedpkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
< 5.8.2-lp151.4.6.1+ 2 more
- (no CPE)range: < 5.8.2-lp151.4.6.1
- (no CPE)range: < 5.9.0-1.9
- (no CPE)range: < 5.8.2-4.6.14
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/201811-16mitrevendor-advisoryx_refsource_GENTOO
- www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-%28cve-2018-6459%29.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.