Improper input validation - CVE-2017-9022
Published: May 31, 2017 / Updated: June 2, 2017
Vulnerability identifier: #VU6873
CSH Severity: Medium
CVSS v4.0:
CVE-ID: CVE-2017-9022
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The gmp plugin in strongSwan does not sufficiently validate the RSA public keys
passed to it before attempting signature verification, so invalid input might
lead to a floating point exception and a crash of the process.
A certificate with an appropriately prepared public key sent by a peer
could be used for a denial-of-service attack.
How to mitigate CVE-2017-9022
Install the update from the vendor's website.