Vulnerability & Exploit Database

Displaying all 4 entries

Results for: CVE-2018-16152 Back to search

Gentoo Linux: CVE-2018-16152: strongSwan: Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: September 26, 2018

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public expone...

Alpine Linux: CVE-2018-16152: strongswan Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: September 26, 2018

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public expone...

Ubuntu: USN-3771-1 (CVE-2018-16152): strongSwan vulnerabilities Vulnerability

  • Severity: 5
  • Published: September 24, 2018

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public expone...

Debian: CVE-2018-16152: strongswan -- security update Vulnerability

  • Severity: 5
  • Published: September 24, 2018

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public expone...