CVE-2017-9022 and CVE-2017-9023: strongSwan DoS Vulnerabilities
Severity
Medium
Vendor
strongSwan
Versions Affected
- CVE-2017-9022: strongSwan versions 4.4.0 and later prior to 5.5.3
- CVE-2017-9023: all strongSwan versions prior to 5.5.3
Description
It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022)
It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023)
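As an added illustration of the defect class behind CVE-2017-9022 (example code, not strongSwan's own): a Python check that refuses an RSA public key whose modulus or exponent would make modular exponentiation undefined, placed in front of the arithmetic the way the gmp plugin's validation should have been. The sample key, the `min_bits` policy value and the helper names are assumptions for this example.

```python
from typing import Optional

# Constructed sample key: a 1024-bit odd modulus and the common exponent 65537.
# Not a real RSA key; it only needs to pass the structural checks below.
SAMPLE_N = (1 << 1023) | 0xB5
SAMPLE_E = 65537


def rsa_public_key_is_sane(n: int, e: int, min_bits: int = 1024) -> bool:
    """Structural checks a verifier should run before any arithmetic.

    Modular exponentiation with n == 0 raises in Python and is a division
    by zero in GMP; the other checks reject keys no sane CA would issue.
    min_bits is an example policy value (assumption), not from the advisory.
    """
    if n <= 0 or e <= 0:
        return False          # zero or negative parameters: undefined arithmetic
    if n % 2 == 0:
        return False          # an RSA modulus is a product of odd primes
    if n.bit_length() < min_bits:
        return False          # far too small to be a real key
    if e < 3 or e % 2 == 0 or e >= n:
        return False          # exponent must be odd and smaller than n
    return True


def unchecked_recover(sig: int, n: int, e: int) -> int:
    """The fragile pattern: exponentiate with whatever the peer sent."""
    return pow(sig, e, n)     # n == 0 -> ValueError (crash in a C verifier)


def checked_recover(sig: int, n: int, e: int) -> Optional[int]:
    """Hardened form: validate the key first, return None on bad input."""
    if not rsa_public_key_is_sane(n, e):
        return None
    return pow(sig, e, n)


def unchecked_raises(sig: int, n: int, e: int) -> bool:
    """True if the unchecked path blows up on this (possibly hostile) key."""
    try:
        unchecked_recover(sig, n, e)
        return False
    except (ValueError, ZeroDivisionError):
        return True
```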
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- IPSec Add-on for PCF:
  - All versions prior to 1.6.9
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - IPSec Add-on for PCF: 1.6.9