CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Database specific

{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "10.0"
                },
                {
                    "last_affected": "11.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "33"
                },
                {
                    "last_affected": "34"
                },
                {
                    "last_affected": "35"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "fedoraproject:fedora"
        }
    ]
}

References

Affected packages

Git / github.com/strongswan/strongswan

Affected ranges

Type

GIT

Repo

https://github.com/strongswan/strongswan

Events

Introduced

203a86ecb88ecff2a338196401cbf55244ed6158

Fixed

66fa7c959a53cff27c83e7f10331ad24cfdfb0a4

Database specific

{
    "extracted_events": [
        {
            "introduced": "5.6.1"
        },
        {
            "fixed": "5.9.4"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*"
}

Affected versions

5.*

5.6.1

5.6.2

5.6.2dr1

5.6.2dr2

5.6.2dr3

5.6.2dr4

5.6.2rc1

5.6.3

5.6.3dr1

5.6.3dr2

5.6.3rc1

5.7.0

5.7.0dr1

5.7.0dr2

5.7.0dr3

5.7.0dr4

5.7.0dr5

5.7.0dr6

5.7.0dr8

5.7.0rc1

5.7.0rc2

5.7.1

5.7.2

5.7.2dr1

5.7.2dr2

5.7.2dr3

5.7.2dr4

5.7.2rc1

5.8.0

5.8.0dr2

5.8.0rc1

5.8.1

5.8.1dr1

5.8.1rc2

5.8.2

5.8.2dr1

5.8.2dr2

5.8.2rc1

5.8.2rc2

5.8.3

5.8.3rc1

5.8.4

5.9.0

5.9.0dr1

5.9.0dr2

5.9.0rc1

5.9.1

5.9.1dr1

5.9.1rc1

5.9.2

5.9.2dr1

5.9.2dr2

5.9.2rc1

5.9.2rc2

5.9.3

5.9.3dr1

5.9.3dr2

5.9.3dr3

5.9.3dr4

5.9.3rc1

5.9.4dr1

5.9.4dr2

5.9.4dr3

5.9.4rc1

android-2.*

android-2.3.3

android-2.3.3-1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41990.json"