rpm package
suse/strongswan&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11185 | Hig | 7.5 | < 5.1.3-26.5.1 | 5.1.3-26.5.1 | Aug 18, 2017 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | |
| CVE-2017-9023 | Hig | 7.5 | < 5.1.3-25.1 | 5.1.3-25.1 | Jun 8, 2017 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | |
| CVE-2017-9022 | Hig | 7.5 | < 5.1.3-25.1 | 5.1.3-25.1 | Jun 8, 2017 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
- affected < 5.1.3-26.5.1fixed 5.1.3-26.5.1
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
- affected < 5.1.3-25.1fixed 5.1.3-25.1
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
- affected < 5.1.3-25.1fixed 5.1.3-25.1
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.