Main Vulnerability Database SB2017053126

SB2017053126 - Improper input validation in strongswan (Alpine package)

Published: May 31, 2017

Security Bulletin ID SB2017053126

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper input validation (CVE-ID: CVE-2017-9023)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser in strongSwan when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=b5b340734c9f745798a1e735a1b11710ef301237
https://git.alpinelinux.org/aports/commit/?id=b2909ae5d93989f6f7aa2506a963bb8061269792
https://git.alpinelinux.org/aports/commit/?id=f48354faeaa48613ec150ba912a378e92d8fd969
https://git.alpinelinux.org/aports/commit/?id=ed2876361e4be4201d60d14712478e77f83a87e6
https://git.alpinelinux.org/aports/commit/?id=c230c56fced0fa200359730435bbce4792cd3e11
https://git.alpinelinux.org/aports/commit/?id=7fc2f4d05809912063bfe8a962dc13d5ddedede5
https://git.alpinelinux.org/aports/commit/?id=ac75b4cf5fdcc373908bd64393d0be391b2edb34
https://git.alpinelinux.org/aports/commit/?id=73c141f3470739c757e59dc00b5a6c58861f9365
https://git.alpinelinux.org/aports/commit/?id=9a6a7cfb656f54db0871293e52cee189cab41be3
https://git.alpinelinux.org/aports/commit/?id=b9f9484b5a7eb04f6f3f67df3e650e9b4433e99b
https://git.alpinelinux.org/aports/commit/?id=82ccbbfff5cbbf01b74519ddd9bc16c487b449e6
https://git.alpinelinux.org/aports/commit/?id=f647e2d3d31f6c5e3c4f4f41bfbee7eea8d02271