FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6a449a37-1570-11e8-8e00-000c294a5758strongswan - Insufficient input validation in RSASSA-PSS signature parser

Strongswan Release Notes reports:

Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation. One of the configurable parameters in algorithm identifier structures for RSASSA-PSS signatures is the mask generation function (MGF). Only MGF1 is currently specified for this purpose. However, this in turn takes itself a parameter that specifies the underlying hash function. strongSwan's parser did not correctly handle the case of this parameter being absent, causing an undefined data read. his vulnerability has been registered as CVE-2018-6459.


Discovery 2018-01-31
Entry 2018-02-19
strongswan
eq 5.6.1

CVE-2018-6459
https://github.com/strongswan/strongswan/commit/40da179f28b768ffcf6ff7e2f68675eb44806668