Bird_banner_small4
strongSwan x509 Plugin Denial of Service
TSL ID TSL20170531-17
CVE ID(s) CVE-2017-9023
Severity High
Description

A denial-of-service vulnerability has been reported in strongSwan. The vulnerability is due to improper parsing of various X.509 certificate extensions using ASN.1 CHOICE and SEQUENCE types within the X.509 and ASN.1 parsers.

A remote attacker can exploit this vulnerability by sending a crafted public key certificate to the target server. Successful exploitation will result in denial-of-service conditions on the target server.

The vendor, strongSwan, has released the following advisory regarding this vulnerability:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html

Affected Products
  • strongSwan strongSwan prior to 5.5.3
CVSS Score Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html
Related Threats