CVE-2021-41991: Integer Overflow
First published: Mon Oct 18 2021(Updated: )
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/strongswan | 5.7.2-1+deb10u2 5.7.2-1+deb10u3 5.9.1-1+deb11u3 5.9.8-5 5.9.11-1 | |
| strongSwan | >=4.2.10<5.9.4 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Debian | =11.0 | |
| Fedora | =33 | |
| Fedora | =34 | |
| Fedora | =35 | |
| Siemens SINEMA Remote Connect | ||
| All of | ||
| Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX Rail | ||
| Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX Rail Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1243-1 Firmware | ||
| Siemens Simatic Net CP 1243-1 | ||
| All of | ||
| Siemens SIMATIC CP 1242-7 GPRS V2 Firmware | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1243-8 IRC Firmware | ||
| Siemens Simatic Net CP 1243-8 IRC Firmware | ||
| All of | ||
| Siemens Scalance SC632-2C Firmware | ||
| Siemens Scalance SC632-2C Firmware | ||
| All of | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX Rail Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX Rail | ||
| All of | ||
| Siemens CP 1543-1 | ||
| Siemens Simatic CP 1543SP-1 | ||
| All of | ||
| Siemens Simatic CP 1545-1 Firmware | ||
| Siemens Simatic Net CP 1545-1 | ||
| All of | ||
| Siemens Simatic CP 1543-1 | ||
| Siemens Simatic CP 1543-1 | ||
| All of | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| All of | ||
| Siemens SIMATIC CP 1243-7 LTE/US Firmware | ||
| Siemens SIMATIC CP 1243-7 LTE/US | ||
| All of | ||
| Siemens Simatic CP 1542SP-1 IRC | ||
| Siemens SIMATIC NET CP 1542SP-1 | ||
| All of | ||
| Siemens Scalance SC636-2C | ||
| Siemens SCALANCE SC636-2C | ||
| All of | ||
| Siemens Simatic CP 1542SP-1 IRC | ||
| Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) | ||
| All of | ||
| Siemens Scalance SC642-2C | ||
| Siemens SCALANCE SC642-2C | ||
| All of | ||
| Siemens Scalance SC646-2C Firmware | <2.3 | |
| Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2) | ||
| All of | ||
| Siemens Scalance SC622-2C Firmware | ||
| Siemens Scalance SC622-2C Firmware | ||
| All of | ||
| Siemens SIPLUS S7-1200 CP 1243-1 | ||
| Siemens SIPLUS S7-1200 CP 1243-1 | ||
| All of | ||
| Siemens SIPLUS S7-1200 | ||
| Siemens SIPLUS S7-1200 | ||
| All of | ||
| Siemens SIPLUS NET CP 1543-1 | ||
| Siemens SIPLUS NET CP 1543-1 Firmware | ||
| All of | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC | ||
| Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX Rail | ||
| Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX Rail Firmware | ||
| Siemens SIMATIC CP 1243-1 Firmware | ||
| Siemens Simatic Net CP 1243-1 | ||
| Siemens SIMATIC CP 1242-7 GPRS V2 Firmware | ||
| Siemens Simatic CP 1242-7 GPRS Firmware | ||
| Siemens SIMATIC CP 1243-8 IRC Firmware | ||
| Siemens Simatic Net CP 1243-8 IRC Firmware | ||
| Siemens Scalance SC632-2C Firmware | ||
| Siemens Scalance SC632-2C Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX Rail Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX Rail | ||
| Siemens CP 1543-1 | ||
| Siemens Simatic CP 1543SP-1 | ||
| Siemens Simatic CP 1545-1 Firmware | ||
| Siemens Simatic Net CP 1545-1 | ||
| Siemens Simatic CP 1543-1 | ||
| Siemens Simatic CP 1543-1 | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| Siemens Simatic Net CP 1243-7 LTE EU Firmware | ||
| Siemens SIMATIC CP 1243-7 LTE/US Firmware | ||
| Siemens SIMATIC CP 1243-7 LTE/US | ||
| Siemens Simatic CP 1542SP-1 IRC | ||
| Siemens SIMATIC NET CP 1542SP-1 | ||
| Siemens Scalance SC636-2C | ||
| Siemens SCALANCE SC636-2C | ||
| Siemens Simatic CP 1542SP-1 IRC | ||
| Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) | ||
| Siemens Scalance SC642-2C | ||
| Siemens SCALANCE SC642-2C | ||
| Siemens Scalance SC646-2C Firmware | <2.3 | |
| Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2) | ||
| Siemens Scalance SC622-2C Firmware | ||
| Siemens Scalance SC622-2C Firmware | ||
| Siemens SIPLUS S7-1200 CP 1243-1 | ||
| Siemens SIPLUS S7-1200 CP 1243-1 | ||
| Siemens SIPLUS S7-1200 | ||
| Siemens SIPLUS S7-1200 | ||
| Siemens SIPLUS NET CP 1543-1 | ||
| Siemens SIPLUS NET CP 1543-1 Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC Firmware | ||
| Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
- https://security-tracker.debian.org/tracker/CVE-2021-41991
- https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf
- https://github.com/strongswan/strongswan/releases/tag/5.9.4
- https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/
- https://www.debian.org/security/2021/dsa-4989
- https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-41991.
What is the severity level of CVE-2021-41991?
The severity level of CVE-2021-41991 is high.
Which software versions are affected by CVE-2021-41991?
Versions of strongSwan before 5.9.4 are affected by CVE-2021-41991.
How can I fix CVE-2021-41991?
To fix CVE-2021-41991, upgrade to strongSwan version 5.9.4 or later.
Where can I find more information about CVE-2021-41991?
You can find more information about CVE-2021-41991 in the following references: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf), [Link 2](https://github.com/strongswan/strongswan/releases/tag/5.9.4), [Link 3](https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html).
- collector/security-tracker-debian
- agent/type
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/strongswan
- canonical/strongswan
- version/strongswan/4.2.10
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- version/debian/11.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/33
- version/fedora/34
- version/fedora/35
- vendor/siemens
- canonical/siemens sinema remote connect
- canonical/siemens siplus et 200sp cp 1542sp-1 irc tx rail
- canonical/siemens siplus et 200sp cp 1542sp-1 irc tx rail firmware
- canonical/siemens simatic cp 1243-1 firmware
- canonical/siemens simatic net cp 1243-1
- canonical/siemens simatic cp 1242-7 gprs v2 firmware
- canonical/siemens simatic cp 1242-7 gprs firmware
- canonical/siemens simatic cp 1243-8 irc firmware
- canonical/siemens simatic net cp 1243-8 irc firmware
- canonical/siemens scalance sc632-2c firmware
- canonical/siemens siplus et 200sp cp 1543sp-1 isec tx rail firmware
- canonical/siemens siplus et 200sp cp 1543sp-1 isec tx rail
- canonical/siemens cp 1543-1
- canonical/siemens simatic cp 1543sp-1
- canonical/siemens simatic cp 1545-1 firmware
- canonical/siemens simatic net cp 1545-1
- canonical/siemens simatic cp 1543-1
- canonical/siemens simatic net cp 1243-7 lte eu firmware
- canonical/siemens simatic cp 1243-7 lte/us firmware
- canonical/siemens simatic cp 1243-7 lte/us
- canonical/siemens simatic cp 1542sp-1 irc
- canonical/siemens simatic net cp 1542sp-1
- canonical/siemens scalance sc636-2c
- canonical/siemens simatic net cp 1542sp-1 irc (incl. siplus variants)
- canonical/siemens scalance sc642-2c
- canonical/siemens scalance sc646-2c firmware
- canonical/siemens scalance sc646-2c (6gk5646-2gs00-2ac2)
- canonical/siemens scalance sc622-2c firmware
- canonical/siemens siplus s7-1200 cp 1243-1
- canonical/siemens siplus s7-1200
- canonical/siemens siplus net cp 1543-1
- canonical/siemens siplus net cp 1543-1 firmware
- canonical/siemens siplus et 200sp cp 1543sp-1 isec firmware
- canonical/siemens siplus et 200sp cp 1543sp-1 isec