VYPR
Unrated severity · NVD Advisory · Published Oct 18, 2021 · Updated Aug 4, 2024

CVE-2021-41991

Description

An integer overflow in the in-memory certificate cache of strongSwan before 5.9.4 can lead to a denial-of-service or possibly remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The in-memory certificate cache in strongSwan versions 4.2.10 up to 5.9.3 contains an integer overflow bug. The cache stores validated certificate relationships and is limited to 32 slots. When the cache is full and a new certificate needs to be inserted, the code looks for a less frequently used slot by iterating from a random offset, obtained as int offset = random(). Because random() can return values up to RAND_MAX (typically INT_MAX = 2^31-1), a high value makes the signed addition in (i + offset) % CACHE_SIZE overflow, which produces a negative index and an out-of-bounds array access [1].
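The index arithmetic described above, as an added example that is not strongSwan's code or its patch: it models the 32-bit wraparound of (i + offset) % CACHE_SIZE without relying on undefined behaviour and compares it with one possible hardened form. The function names and the INT32_MAX sample offset are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CACHE_SIZE 32   /* slot count given in the advisory text */

/* Model of the affected computation (i + offset) % CACHE_SIZE with 32-bit
 * signed operands. Signed overflow is undefined behaviour in C, so the
 * two's-complement wraparound is reproduced here with 64-bit arithmetic. */
static int32_t slot_index_affected(int32_t i, int32_t offset)
{
    int64_t sum = (int64_t)i + (int64_t)offset;
    if (sum > INT32_MAX)
        sum -= 4294967296LL;               /* wrap as a 32-bit int would */
    return (int32_t)(sum % CACHE_SIZE);    /* remainder keeps the sign of sum */
}

/* Hardened form (an assumption for illustration, not the upstream patch):
 * reduce the non-negative offset first, so the sum stays below 2 * CACHE_SIZE. */
static int32_t slot_index_hardened(int32_t i, int32_t offset)
{
    return (i + offset % CACHE_SIZE) % CACHE_SIZE;
}

/* Number of loop positions i in [0, CACHE_SIZE) whose computed index falls
 * outside the array for a given random offset. */
static int count_out_of_bounds(int32_t offset)
{
    int bad = 0;
    for (int32_t i = 0; i < CACHE_SIZE; i++) {
        int32_t idx = slot_index_affected(i, offset);
        if (idx < 0 || idx >= CACHE_SIZE)
            bad++;
    }
    return bad;
}

int main(void)
{
    int32_t offset = INT32_MAX;            /* constructed worst-case random() value */
    printf("affected: %d  hardened: %d  out-of-bounds positions: %d\n",
           (int)slot_index_affected(31, offset),
           (int)slot_index_hardened(31, offset),
           count_out_of_bounds(offset));
    return 0;
}
```

Only offsets above INT_MAX - (CACHE_SIZE - 1) can wrap in this model, which is why the out-of-bounds access depends on random() returning a value near its maximum.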

Exploitation

An attacker must send thousands of certificate validation requests over roughly a day or two to fill the cache and trigger the vulnerable replacement logic. No authentication is required; the attacker only needs network access to a strongSwan VPN gateway or client that has the certificate cache enabled (which is the default). The random nature of the overflow means exploitation is not deterministic, but an attacker might eventually cause the out-of-bounds access [1].

Impact

Successful exploitation most likely results in a segmentation fault, causing a denial-of-service (DoS) of the strongSwan daemon. The vendor states that "remote code execution might be a slight possibility" [1], though the primary impact is service disruption.

Mitigation

The vulnerability is fixed in strongSwan version 5.9.4 [2]. Users should upgrade to 5.9.4 or later. As a workaround, the certificate cache can be disabled (though this may impact performance). No workaround is otherwise provided by the vendor. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

36

References

8
