CVE-2018-6459
First published: Tue Feb 20 2018(Updated: )
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Strongswan Strongswan | =5.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
<CVE-2018-6459>
What is the severity of <CVE-2018-6459>?
The severity of <CVE-2018-6459> is medium with a severity value of 5.3.
Which software version is affected by <CVE-2018-6459>?
The version affected by <CVE-2018-6459> is Strongswan 5.6.1.
How can an attacker exploit <CVE-2018-6459>?
An attacker can exploit <CVE-2018-6459> by sending a crafted RSASSA-PSS signature that lacks a mask generation function parameter, causing a denial of service.
Are there any references available for <CVE-2018-6459>?
Yes, the references for <CVE-2018-6459> are: [1] http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html, [2] https://security.gentoo.org/glsa/201811-16, [3] https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/strongswan
- canonical/strongswan strongswan
- version/strongswan strongswan/5.6.1