First published: Mon Oct 18 2021(Updated: )
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/strongswan | 5.7.2-1+deb10u2 5.7.2-1+deb10u3 5.9.1-1+deb11u3 5.9.8-5 5.9.11-1 | |
Strongswan Strongswan | >=4.2.10<5.9.4 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Siemens SINEMA Remote Connect Server | ||
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware | ||
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail | ||
Siemens Simatic Cp 1243-1 Firmware | ||
Siemens Simatic Cp 1243-1 | ||
Siemens Simatic Cp 1242-7 Gprs V2 Firmware | ||
Siemens SIMATIC CP 1242-7 GPRS V2 | ||
Siemens Simatic Net Cp 1243-8 Irc Firmware | ||
Siemens Simatic Net Cp 1243-8 Irc | ||
Siemens Scalance Sc632-2c Firmware | ||
Siemens Scalance Sc632-2c | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Firmware | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec | ||
Siemens Cp 1543-1 Firmware | ||
Siemens Cp 1543-1 | ||
Siemens Simatic Net Cp 1545-1 Firmware | ||
Siemens Simatic Net Cp 1545-1 | ||
Siemens Simatic Cp 1543sp-1 Firmware | ||
Siemens Simatic Cp 1543sp-1 | ||
Siemens Simatic Net Cp1243-7 Lte Eu Firmware | ||
Siemens Simatic Net Cp1243-7 Lte Eu | ||
Siemens Simatic Cp 1243-7 Lte\/us Firmware | ||
Siemens Simatic Cp 1243-7 Lte\/us | ||
Siemens Simatic Cp 1542sp-1 Firmware | ||
Siemens SIMATIC CP 1542SP-1 | ||
Siemens Scalance Sc636-2c Firmware | ||
Siemens Scalance Sc636-2c | ||
Siemens Simatic Cp 1542sp-1 Irc Firmware | ||
Siemens Simatic Cp 1542sp-1 Irc | ||
Siemens Scalance Sc642-2c Firmware | ||
Siemens Scalance Sc642-2c | ||
Siemens Scalance Sc646-2c Firmware | <2.3 | |
Siemens Scalance Sc646-2c | ||
Siemens Scalance Sc622-2c Firmware | ||
Siemens Scalance Sc622-2c | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail | ||
Siemens Siplus S7-1200 Cp 1243-1 Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 | ||
Siemens Siplus Net Cp 1543-1 Firmware | ||
Siemens Siplus Net Cp 1543-1 | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail | ||
All of | ||
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware | ||
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail | ||
All of | ||
Siemens Simatic Cp 1243-1 Firmware | ||
Siemens Simatic Cp 1243-1 | ||
All of | ||
Siemens Simatic Cp 1242-7 Gprs V2 Firmware | ||
Siemens SIMATIC CP 1242-7 GPRS V2 | ||
All of | ||
Siemens Simatic Net Cp 1243-8 Irc Firmware | ||
Siemens Simatic Net Cp 1243-8 Irc | ||
All of | ||
Siemens Scalance Sc632-2c Firmware | ||
Siemens Scalance Sc632-2c | ||
All of | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Firmware | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec | ||
All of | ||
Siemens Cp 1543-1 Firmware | ||
Siemens Cp 1543-1 | ||
All of | ||
Siemens Simatic Net Cp 1545-1 Firmware | ||
Siemens Simatic Net Cp 1545-1 | ||
All of | ||
Siemens Simatic Cp 1543sp-1 Firmware | ||
Siemens Simatic Cp 1543sp-1 | ||
All of | ||
Siemens Simatic Net Cp1243-7 Lte Eu Firmware | ||
Siemens Simatic Net Cp1243-7 Lte Eu | ||
All of | ||
Siemens Simatic Cp 1243-7 Lte\/us Firmware | ||
Siemens Simatic Cp 1243-7 Lte\/us | ||
All of | ||
Siemens Simatic Cp 1542sp-1 Firmware | ||
Siemens SIMATIC CP 1542SP-1 | ||
All of | ||
Siemens Scalance Sc636-2c Firmware | ||
Siemens Scalance Sc636-2c | ||
All of | ||
Siemens Simatic Cp 1542sp-1 Irc Firmware | ||
Siemens Simatic Cp 1542sp-1 Irc | ||
All of | ||
Siemens Scalance Sc642-2c Firmware | ||
Siemens Scalance Sc642-2c | ||
All of | ||
Siemens Scalance Sc646-2c Firmware | <2.3 | |
Siemens Scalance Sc646-2c | ||
All of | ||
Siemens Scalance Sc622-2c Firmware | ||
Siemens Scalance Sc622-2c | ||
All of | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail | ||
All of | ||
Siemens Siplus S7-1200 Cp 1243-1 Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 | ||
All of | ||
Siemens Siplus Net Cp 1543-1 Firmware | ||
Siemens Siplus Net Cp 1543-1 | ||
All of | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-41991.
The severity level of CVE-2021-41991 is high.
Versions of strongSwan before 5.9.4 are affected by CVE-2021-41991.
To fix CVE-2021-41991, upgrade to strongSwan version 5.9.4 or later.
You can find more information about CVE-2021-41991 in the following references: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf), [Link 2](https://github.com/strongswan/strongswan/releases/tag/5.9.4), [Link 3](https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html).