CVE-2021-41991
18.10.2021, 14:15
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| strongswan | strongswan | 4.2.10 ≤ 𝑥 < 5.9.4 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| siemens | sinema_remote_connect_server | - |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | - |
| siemens | simatic_cp_1243-1_firmware | - |
| siemens | simatic_cp_1242-7_gprs_v2_firmware | - |
| siemens | simatic_net_cp_1243-8_irc_firmware | - |
| siemens | scalance_sc632-2c_firmware | - |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | - |
| siemens | cp_1543-1_firmware | - |
| siemens | simatic_net_cp_1545-1_firmware | - |
| siemens | simatic_cp_1543sp-1_firmware | - |
| siemens | simatic_net_cp1243-7_lte_eu_firmware | - |
| siemens | simatic_cp_1243-7_lte\/us_firmware | - |
| siemens | simatic_cp_1542sp-1_firmware | - |
| siemens | scalance_sc636-2c_firmware | - |
| siemens | simatic_cp_1542sp-1_irc_firmware | - |
| siemens | scalance_sc642-2c_firmware | - |
| siemens | scalance_sc646-2c_firmware | 𝑥 < 2.3 |
| siemens | scalance_sc622-2c_firmware | - |
| siemens | siplus_s7-1200_cp_1243-1_rail_firmware | - |
| siemens | siplus_s7-1200_cp_1243-1_firmware | - |
| siemens | siplus_net_cp_1543-1_firmware | - |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| strongswan |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| strongswan |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| strongswan-doc |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| strongswan-hmac |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| strongswan-ipsec |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| strongswan-libs0 |
|
References