{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-08T12:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"name": "DSA-4989", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41991", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/strongswan/strongswan/releases/tag/5.9.4", "refsource": "MISC", "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"name": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html", "refsource": "CONFIRM", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"}, {"name": "DSA-4989", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:25.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"name": "DSA-4989", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41991", "datePublished": "2021-10-18T13:44:25", "dateReserved": "2021-10-04T00:00:00", "dateUpdated": "2024-08-04T03:22:25.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE9611E9-41E8-4C83-BB26-E52C35252022", "versionEndExcluding": "5.9.4", "versionStartIncluding": "4.2.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "276E81AE-85C3-4DBA-B4E6-0BFD85DE03F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A57CBB-1089-4829-AD1E-89C927611A36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "373B769D-0E60-4362-BAE1-90BA6E0B211C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "049460B8-6186-44F9-B41F-284A2EC0B3B4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "205482DA-548C-4757-91F0-1599438873BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2009C1FA-96D5-413C-9161-0DB55F841088", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FF3D204-F783-4ED8-B6DC-7BAE65AB5E89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "16B3F1A4-6AA2-48C4-B2B3-7CCFED8E35B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*", "matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_1543-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8E64DDA-3855-4CDB-A42C-EE23FEDA9074", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F703FF33-882F-4CB5-9CA0-8FAE670B2AEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "01483C0C-8A8D-4059-B4F6-D280A71178B9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "80303992-FA4F-4F53-8A52-BF2E2BFB99A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "209C7B1E-10F6-4215-AF69-CC36192E0FCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1D78E94-D826-4300-BD3D-E544A1D67B0D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*", "matchCriteriaId": "00DDA679-D761-4986-A0A0-4C00178DF0B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7F1C19F-FCF8-4BB5-BDAE-F7B188A85A1A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "50CB213E-50AC-418F-A4CF-AEE1E0D74E00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C33C9CC6-C03E-47CA-9B8F-96C05C5A4DEE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCABEAA-F652-4DB4-89F9-19C6C3B7FB11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "656082A8-8160-4A1A-967B-F7CC27A218D5", "versionEndExcluding": "2.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC252750-1EFC-4AA3-9477-A49E3BBD61F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "934FCA36-A4F2-4B90-93DE-48A3A355D865", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "425AB6D7-7325-4028-9065-D24C597BEB62", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A48B4A9-F8D3-433F-A95B-B541C13FF2C4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "336471A8-D4AF-4935-B170-DAB2267C61DC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}, {"lang": "es", "value": "La cach\u00e9 de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto al recibir muchas peticiones con diferentes certificados para llenar la cach\u00e9 y posteriormente desencadenar la sustituci\u00f3n de las entradas de la cach\u00e9. El c\u00f3digo intenta seleccionar una entrada de cach\u00e9 menos usada mediante un generador de n\u00fameros aleatorios, pero esto no es realizado correctamente. Una ejecuci\u00f3n de c\u00f3digo remota  podr\u00eda ser una peque\u00f1a posibilidad"}], "id": "CVE-2021-41991", "lastModified": "2024-11-21T06:27:02.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-18T14:15:10.333", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"source": "cve@mitre.org", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "strongswan: integer overflow when replacing certificates in cache", "id": "2015613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015613"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190->CWE-119", "details": ["The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."], "name": "CVE-2021-41991", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "strongimcv", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2021-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41991\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41991\nhttps://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"], "threat_severity": "Moderate"}