From f7875319cd715adf4ba9c016fa937e78dd073e44 Mon Sep 17 00:00:00 2001 From: Francois ten Krooden Date: Wed, 26 Jan 2022 00:03:23 +0800 Subject: security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan PR: 259267 --- security/vuxml/vuln-2022.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 2fa7d3c2d9fe..deff98e95256 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,38 @@ + + strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache + + + strongswan + 5.9.4 + + + + +

Strongswan Release Notes reports:

+
Fixed a denial-of-service vulnerability in the gmp plugin that + was caused by an integer overflow when processing RSASSA-PSS + signatures with very large salt lengths. This vulnerability has + been registered as CVE-2021-41990.
+
Fixed a denial-of-service vulnerability in the in-memory + certificate cache if certificates are replaced and a very large + random value caused an integer overflow. This vulnerability has + been registered as CVE-2021-41991.
+

+ + + + CVE-2021-41990 + CVE-2021-41991 + https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html + https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html + + + 2021-10-04 + 2022-01-25 + + + aide -- heap-based buffer overflow -- cgit v1.2.3