CVE-2021-41991

Published: Oct 18, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Affected (29)

Products: Strongswan: Strongswan · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

1 product

1 product

1 product

22 products

Sinema Remote Connect Server

Siplus Et 200sp Cp 1542sp 1 Irc Tx Rail Firmware

Simatic Cp 1243 1 Firmware

Simatic Cp 1242 7 Gprs V2 Firmware

Simatic Net Cp 1243 8 Irc Firmware

Scalance Sc632 2c Firmware

Siplus Et 200sp Cp 1543sp 1 Isec Firmware

Cp 1543 1 Firmware

Simatic Net Cp 1545 1 Firmware

Simatic Cp 1543sp 1 Firmware

Simatic Net Cp1243 7 Lte Eu Firmware

Simatic Cp 1243 7 Lte/us Firmware

Simatic Cp 1542sp 1 Firmware

Scalance Sc636 2c Firmware

Simatic Cp 1542sp 1 Irc Firmware

Scalance Sc642 2c Firmware

Scalance Sc646 2c Firmware

Scalance Sc622 2c Firmware

Siplus S7 1200 Cp 1243 1 Rail Firmware

Siplus S7 1200 Cp 1243 1 Firmware

Siplus Net Cp 1543 1 Firmware

Siplus Et 200sp Cp 1543sp 1 Isec Tx Rail Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Strongswan Strongswan	From 4.2.10 to 5.9.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Server	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus Et 200sp Cp 1542sp 1 Irc Tx Rail Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus Et 200sp Cp 1542sp 1 Irc Tx Rail	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1243 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1243 1	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1242 7 Gprs V2 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1242 7 Gprs V2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Net Cp 1243 8 Irc Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Net Cp 1243 8 Irc	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Sc632 2c Firmware	All versions

Running on/with	Platform Versions
Siemens Scalance Sc632 2c	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus Et 200sp Cp 1543sp 1 Isec Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus Et 200sp Cp 1543sp 1 Isec	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cp 1543 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Cp 1543 1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Net Cp 1545 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Net Cp 1545 1	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1543sp 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1543sp 1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Net Cp1243 7 Lte Eu Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Net Cp1243 7 Lte Eu	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1243 7 Lte/us Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1243 7 Lte/us	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1542sp 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1542sp 1	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Sc636 2c Firmware	All versions

Running on/with	Platform Versions
Siemens Scalance Sc636 2c	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Cp 1542sp 1 Irc Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Cp 1542sp 1 Irc	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Sc642 2c Firmware	All versions

Running on/with	Platform Versions
Siemens Scalance Sc642 2c	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Sc646 2c Firmware	Before 2.3

Running on/with	Platform Versions
Siemens Scalance Sc646 2c	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Sc622 2c Firmware	All versions

Running on/with	Platform Versions
Siemens Scalance Sc622 2c	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus S7 1200 Cp 1243 1 Rail Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus S7 1200 Cp 1243 1 Rail	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus S7 1200 Cp 1243 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus S7 1200 Cp 1243 1	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus Net Cp 1543 1 Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus Net Cp 1543 1	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus Et 200sp Cp 1543sp 1 Isec Tx Rail Firmware	All versions

Running on/with	Platform Versions
Siemens Siplus Et 200sp Cp 1543sp 1 Isec Tx Rail	All versions

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (16)

https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/strongswan/strongswan/releases/tag/5.9.4

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/

Source: cve@mitre.org

https://www.debian.org/security/2021/dsa-4989

Source: cve@mitre.org

Third Party Advisory

https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html

Source: cve@mitre.org

https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf