CVE-2018-16151

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16151
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16151.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16151
Downstream
Related
Published
2018-09-26T21:29:01.087Z
Modified
2026-03-10T14:34:24.981707Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In verifyemsapkcs1signature() in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

References

Affected packages

Git / github.com/strongswan/strongswan

Affected ranges

Type
GIT
Repo
https://github.com/strongswan/strongswan
Events
Introduced
8ba0404004ae9b36d74598a3f2212973fffb343a
Last affected
b3bb991dc93324f52f52216d5a1460a865016c76
Introduced
1e5634c9b3eaad5231ad4a90c394c5589fb2a387
Fixed
2a327d438ce526b078fb1e93402c7394a78c408c
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.6.4"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.7.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16151.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]