Out-of-Bounds Affecting strongswan package, versions <5.7.1-r0

Q: How to fix?

Upgrade Alpine:3.14 strongswan to version 5.7.1-r0 or higher.

Threat Intelligence

2.29% (90^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ALPINE314-STRONGSWAN-1308019
published3 Oct 2018
disclosed3 Oct 2018

Report a new vulnerability Found a mistake?

Introduced: 3 Oct 2018

CVE-2018-17540 (opens in a new tab) CWE-119 (opens in a new tab)

How to fix?

Upgrade Alpine:3.14 strongswan to version 5.7.1-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream strongswan package and not the strongswan package as distributed by Alpine. See How to fix? for Alpine:3.14 relevant fixed versions and status.

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

References

https://download.strongswan.org/security/CVE-2018-17540/
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17540
https://www.debian.org/security/2018/dsa-4309
https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html
https://security-tracker.debian.org/tracker/CVE-2018-17540
https://security.gentoo.org/glsa/201811-16
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17540
https://usn.ubuntu.com/3774-1/
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.html