{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-08T12:06:09.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"name": "DSA-4989", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41991", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/strongswan/strongswan/releases/tag/5.9.4", "refsource": "MISC", "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"name": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html", "refsource": "CONFIRM", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"}, {"name": "DSA-4989", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:25.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"name": "DSA-4989", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"name": "FEDORA-2021-0b37146973", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"name": "FEDORA-2021-b3df83339e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"name": "FEDORA-2021-95fab6a482", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41991", "datePublished": "2021-10-18T13:44:25.000Z", "dateReserved": "2021-10-04T00:00:00.000Z", "dateUpdated": "2024-08-04T03:22:25.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE9611E9-41E8-4C83-BB26-E52C35252022", "versionEndExcluding": "5.9.4", "versionStartIncluding": "4.2.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "276E81AE-85C3-4DBA-B4E6-0BFD85DE03F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A57CBB-1089-4829-AD1E-89C927611A36", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "373B769D-0E60-4362-BAE1-90BA6E0B211C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "049460B8-6186-44F9-B41F-284A2EC0B3B4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "205482DA-548C-4757-91F0-1599438873BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2009C1FA-96D5-413C-9161-0DB55F841088", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FF3D204-F783-4ED8-B6DC-7BAE65AB5E89", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "16B3F1A4-6AA2-48C4-B2B3-7CCFED8E35B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*", "matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_1543-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8E64DDA-3855-4CDB-A42C-EE23FEDA9074", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F703FF33-882F-4CB5-9CA0-8FAE670B2AEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "01483C0C-8A8D-4059-B4F6-D280A71178B9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "80303992-FA4F-4F53-8A52-BF2E2BFB99A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "209C7B1E-10F6-4215-AF69-CC36192E0FCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1D78E94-D826-4300-BD3D-E544A1D67B0D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*", "matchCriteriaId": "00DDA679-D761-4986-A0A0-4C00178DF0B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7F1C19F-FCF8-4BB5-BDAE-F7B188A85A1A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "50CB213E-50AC-418F-A4CF-AEE1E0D74E00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C33C9CC6-C03E-47CA-9B8F-96C05C5A4DEE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCABEAA-F652-4DB4-89F9-19C6C3B7FB11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "656082A8-8160-4A1A-967B-F7CC27A218D5", "versionEndExcluding": "2.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC252750-1EFC-4AA3-9477-A49E3BBD61F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "934FCA36-A4F2-4B90-93DE-48A3A355D865", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "425AB6D7-7325-4028-9065-D24C597BEB62", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A48B4A9-F8D3-433F-A95B-B541C13FF2C4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "336471A8-D4AF-4935-B170-DAB2267C61DC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*", "matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."}, {"lang": "es", "value": "La cach\u00e9 de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto al recibir muchas peticiones con diferentes certificados para llenar la cach\u00e9 y posteriormente desencadenar la sustituci\u00f3n de las entradas de la cach\u00e9. El c\u00f3digo intenta seleccionar una entrada de cach\u00e9 menos usada mediante un generador de n\u00fameros aleatorios, pero esto no es realizado correctamente. Una ejecuci\u00f3n de c\u00f3digo remota podr\u00eda ser una peque\u00f1a posibilidad"}], "id": "CVE-2021-41991", "lastModified": "2024-11-21T06:27:02.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-18T14:15:10.333", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"source": "cve@mitre.org", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "strongswan: integer overflow when replacing certificates in cache", "id": "2015613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015613"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190->CWE-119", "details": ["The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."], "name": "CVE-2021-41991", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "strongimcv", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2021-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41991\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41991\nhttps://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"], "threat_severity": "Moderate"}

{}