Improper input validation - CVE-2017-9023
Published: May 31, 2017 / Updated: June 2, 2017
Vulnerability identifier: #VU6874
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-9023
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The ASN.1 parser in strongSwan does not correctly handle ASN.1 CHOICE types when
parsing X.509 certificates with extensions that use such types. A specially
crafted certificate could cause the thread parsing it to loop infinitely.
How to mitigate CVE-2017-9023
Install the update from the vendor's website.