Vulnerability Name: CVE-2018-6459 (CCN-139218)

Assigned: 2018-02-19
Published: 2018-02-19
Updated: 2020-03-30
Summary: The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-347
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2018-6459

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0403

Source: XF
Type: UNKNOWN
strongswan-cve20186459-dos(139218)

Source: GENTOO
Type: Third Party Advisory
GLSA-201811-16

Source: CCN
Type: strongSwan Web site
strongSwan Vulnerability (CVE-2015-3991)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-6459

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:strongswan:strongswan:5.6.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:strongswan:strongswan:5.6.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20186459 | V | CVE-2018-6459 | 2023-06-22
oval:org.opensuse.security:def:7810 | P | strongswan-5.9.7-150500.3.4 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:686 | P | Security update for ncurses (Moderate) | 2022-08-09
oval:org.opensuse.security:def:3123 | P | lftp-4.7.4-3.6.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3205 | P | libltdl7-2.4.2-17.4.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3111 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3226 | P | libospf0-1.1.1-17.7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3204 | P | liblouis-data-2.6.4-6.6.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3164 | P | libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3228 | P | libpango-1_0-0-1.40.1-9.5 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3229 | P | libpcap1-1.8.1-10.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3137 | P | libXfixes3-32bit-5.0.1-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3214 | P | libmysqlclient18-10.0.40.1-2.9.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3593 | P | libfreetype6-2.6.3-7.15.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3116 | P | kbd-2.0.4-8.10.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3175 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3232 | P | libplist3-1.12-20.3.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3156 | P | libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95223 | P | strongswan-nm-5.8.2-150400.17.24 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94834 | P | strongswan-5.8.2-150400.17.24 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:1807 | P | Security update for MozillaThunderbird (Important) | 2022-06-13
oval:org.opensuse.security:def:312 | P | strongswan-5.8.2-11.8.4 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:1804 | P | Security update for MozillaThunderbird (Important) | 2022-05-17
oval:org.opensuse.security:def:1803 | P | Security update for the Linux Kernel (Important) | 2022-05-16
oval:org.opensuse.security:def:1798 | P | Security update for icedtea-web (Important) | 2022-04-19
oval:org.opensuse.security:def:1795 | P | Security update for the Linux Kernel (Important) | 2022-03-30
oval:org.opensuse.security:def:1819 | P | Security update for MozillaThunderbird (Important) | 2022-03-21
oval:org.opensuse.security:def:1816 | P | Security update for the Linux Kernel (Important) | 2022-03-08
oval:org.opensuse.security:def:1814 | P | Security update for MozillaThunderbird (Important) | 2022-02-23
oval:org.opensuse.security:def:1241 | P | Security update for the Linux Kernel (Critical) | 2022-02-11
oval:org.opensuse.security:def:1812 | P | Security update for the Linux Kernel (Critical) | 2022-02-11
oval:org.opensuse.security:def:894 | P | Security update for unbound (Important) | 2022-01-25
oval:org.opensuse.security:def:113464 | P | strongswan-5.9.0-1.9 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:1794 | P | Security update for gegl (Important) | 2021-12-31
oval:org.opensuse.security:def:1793 | P | Security update for gegl (Important) | 2021-12-31
oval:org.opensuse.security:def:70328 | P | Security update for glib-networking (Important) | 2021-12-10
oval:org.opensuse.security:def:66972 | P | Security update for tinyxml (Low) | 2021-11-09
oval:org.opensuse.security:def:100663 | P | (Moderate) | 2021-10-06
oval:org.opensuse.security:def:106862 | P | strongswan-5.9.0-1.9 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:68355 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important) | 2021-09-16
oval:org.opensuse.security:def:48310 | P | squid-4.8-2.17 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48311 | P | squidGuard-1.4-30.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48326 | P | tpm2.0-tools-3.1.4-1.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:63489 | P | libmwaw-0_3-3-0.3.17-4.9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:94302 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2369 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:107681 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63458 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2431 | P | strongswan-nm-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:101015 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63520 | P | strongswan-nm-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62815 | P | libsrtp2-1-2.2.0-1.34 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101059 | P | python3-Werkzeug-1.0.1-1.10 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72482 | P | libICE6-32bit-1.0.9-1.25 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62790 | P | libimobiledevice-devel-1.2.0+git20180427.26373b3-1.40 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101088 | P | strongswan-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62330 | P | strongswan-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62993 | P | bouncycastle-1.64-1.63 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62783 | P | libexif-devel-0.6.22-5.6.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72071 | P | strongswan-5.8.2-11.8.4 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71811 | P | enscript-1.6.6-1.17 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62787 | P | libgypsy-devel-0.9-2.30 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:66880 | P | Security update for webkit2gtk3 (Important) | 2021-08-03
oval:org.opensuse.security:def:74652 | P | Security update for go1.16 (Important) | 2021-07-19
oval:org.opensuse.security:def:73663 | P | Security update for qemu (Moderate) | 2021-06-30
oval:org.opensuse.security:def:64540 | P | Security update for lua53 (Moderate) | 2021-06-29
oval:org.opensuse.security:def:69881 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:69129 | P | Security update for freeradius-server (Moderate) | 2021-06-23
oval:org.opensuse.security:def:64710 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-10
oval:org.opensuse.security:def:48781 | P | kernel-default-extra-4.4.21-69.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48448 | P | jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48874 | P | libuuid-devel-2.29.2-2.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2458 | P | libopencv3_3-3.3.1-4.5 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48644 | P | w3m-0.5.3-157.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2462 | P | libpurple-2.13.0-3.35 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70223 | P | Security update for nginx (Important) | 2021-05-27
oval:org.opensuse.security:def:93950 | P | (Important) | 2021-05-11
oval:org.opensuse.security:def:69986 | P | Security update for salt (Critical) | 2021-02-26
oval:org.opensuse.security:def:49462 | P | Security update for nodejs14 (Important) | 2021-02-26
oval:org.opensuse.security:def:64598 | P | Security update for java-11-openjdk (Important) | 2021-02-09
oval:org.opensuse.security:def:61983 | P | strongswan-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72366 | P | imlib2-loaders-1.4.10-1.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3883 | P | evolution-devel-3.22.6-19.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63643 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71724 | P | strongswan-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107329 | P | strongswan-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116887 | P | strongswan-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:1820 | P | ncurses-devel-32bit-6.1-5.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:117240 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:94346 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63636 | P | libreoffice-6.4.4.2-11.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63286 | P | libxmltooling-devel-1.6.4-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107725 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3870 | P | crash-devel-7.2.1-6.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49025 | P | libpcap1-32bit-1.8.1-10.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71695 | P | procmail-3.22-2.34 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2554 | P | strongswan-nm-5.8.2-9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:64438 | P | Security update for python-cryptography (Moderate) | 2020-12-02
oval:org.opensuse.security:def:50730 | P | Security update for tigervnc (Important) | 2020-12-01
oval:org.opensuse.security:def:52253 | P | Security update for python-waitress (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63865 | P | Security update for ceph (Important) | 2020-12-01
oval:org.opensuse.security:def:49565 | P | libnetpbm-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50898 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49648 | P | libSDL2-2_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49281 | P | opensc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50393 | P | Security update for NetworkManager (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66630 | P | strongswan on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64331 | P | libical2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65021 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49246 | P | libtiff-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50977 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52315 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50134 | P | MozillaThunderbird on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73321 | P | strongswan on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49397 | P | emacs-x11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50199 | P | libproxy1-config-gnome3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64194 | P | haproxy on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73203 | P | libpng16-16 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49335 | P | strongswan on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74785 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49776 | P | cargo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65692 | P | Security update for rubygem-activesupport-5_1 (Critical) | 2020-12-01
oval:org.opensuse.security:def:50637 | P | Security update for bzip2 (Important) | 2020-12-01
oval:org.opensuse.security:def:49628 | P | gdk-pixbuf-query-loaders-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65111 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49493 | P | vorbis-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50804 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:69026 | P | Security update for rubygem-actionpack-5_1 (Important) | 2020-12-01
oval:org.opensuse.security:def:49332 | P | socat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50841 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:49629 | P | gdm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73545 | P | python-azure-agent on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68458 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50234 | P | libavcodec-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50253 | P | strongswan-nm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50871 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:66538 | P | libtasn1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64330 | P | libhogweed4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65782 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50903 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:49983 | P | subversion-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110447 | P | Security update for strongswan (Moderate) | 2020-03-29
oval:org.opensuse.security:def:104827 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:98137 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:90452 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:104107 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:91172 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:75533 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:org.opensuse.security:def:97417 | P | Security update for strongswan (Moderate) | 2020-03-23
oval:com.ubuntu.artful:def:20186459000 | V | CVE-2018-6459 on Ubuntu 17.10 (artful) - medium. | 2018-02-20
oval:com.ubuntu.trusty:def:20186459000 | V | CVE-2018-6459 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-02-20
oval:com.ubuntu.xenial:def:20186459000 | V | CVE-2018-6459 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-02-20
oval:com.ubuntu.xenial:def:201864590000000 | V | CVE-2018-6459 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-02-20
    strongswan strongswan 5.6.1