Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-41991

Опубликовано: 18 окт. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

РелизСтатусПримечание
bionic

released

5.6.2-1ubuntu2.7
devel

released

5.9.1-1ubuntu3.1
esm-infra-legacy/trusty

released

5.1.2-0ubuntu2.11+esm1
esm-infra/bionic

released

5.6.2-1ubuntu2.7
esm-infra/focal

released

5.8.2-1ubuntu3.3
esm-infra/xenial

released

5.3.5-1ubuntu3.8+esm1
fips-preview/jammy

released

5.9.1-1ubuntu3.1
fips-updates/bionic

released

5.6.2-1ubuntu2.fips.2.7.1
fips-updates/focal

released

5.8.2-1ubuntu3.fips.3.3.1
fips-updates/jammy

released

5.9.1-1ubuntu3.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 85%
0.02432
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-41991

CVSS3: 7.5
redhat
больше 4 лет назад

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

nvd логотип

CVE-2021-41991

CVSS3: 7.5
nvd
больше 4 лет назад

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

msrc логотип

CVE-2021-41991

CVSS3: 7.5
msrc
больше 4 лет назад

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator but this is not done correctly. Remote code execution might be a slight possibility.

debian логотип

CVE-2021-41991

CVSS3: 7.5
debian
больше 4 лет назад

The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...

suse-cvrf логотип

SUSE-SU-2021:3468-1

suse-cvrf
больше 4 лет назад

Security update for strongswan

EPSS

Процентиль: 85%
0.02432
Низкий

5 Medium

CVSS2

7.5 High

CVSS3