CVE-2018-16151

Published: Sep 26, 2018Modified: Dec 3, 2025

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Affected (7)

Products: Strongswan: Strongswan · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Strongswan Strongswan	From 4.0.0 to 4.6.4
Strongswan Strongswan	From 5.0.0 to 5.7.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201811-16

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3771-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4305

Source: cve@mitre.org

Third Party Advisory

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201811-16

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3771-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4305

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.