All Vulnerability Reports

CVE-2017-9022 and CVE-2017-9023: strongSwan DOS Vulnerabilities


Severity

Medium

Vendor

strongSwan

Versions Affected
  • CVE-2017-9022: strongSwan versions 4.4.0 and later prior to 5.5.3
  • CVE-2017-9023: all strongSwan versions prior to 5.5.3
Description

It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2017-9022)

It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker could use this issue to cause strongSwan to hang, resulting in a denial of service. (CVE-2017-9023)

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • IPSec Add-on for PCF:
    • All versions prior to 1.6.9
Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • IPSec Add-on for PCF: 1.6.9
References