strongswan - Insufficient input validation in RSASSA-PSS signature parser
strongSwan Release Notes report:
Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
was caused by insufficient input validation. One of the configurable
parameters in algorithm identifier structures for RSASSA-PSS signatures is the
mask generation function (MGF). Only MGF1 is currently specified for this
purpose. However, this in turn takes itself a parameter that specifies the
underlying hash function. strongSwan's parser did not correctly handle the
case of this parameter being absent, causing an undefined data read.
This vulnerability has been registered as CVE-2018-6459.
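An added example, not strongSwan's code or its patch: a minimal C check that accepts a maskGenAlgorithm AlgorithmIdentifier only when the MGF1 hash parameter is actually present. The names `span_t`, `read_tlv` and `parse_mgf1`, the sample byte arrays, and the restriction to short-form DER lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t len; } span_t;  /* view into DER */

/* Read one TLV with the expected tag, store its value in *out and advance *in.
 * Returns 0 on truncation or tag mismatch. Simplification: short-form
 * lengths (< 128) only, which is enough for an AlgorithmIdentifier. */
static int read_tlv(span_t *in, uint8_t tag, span_t *out)
{
    if (in->len < 2 || in->p[0] != tag || in->p[1] >= 0x80)
        return 0;
    size_t n = in->p[1];
    if (n > in->len - 2)
        return 0;
    out->p = in->p + 2;
    out->len = n;
    in->p += 2 + n;
    in->len -= 2 + n;
    return 1;
}

/* Content bytes of id-mgf1 (1.2.840.113549.1.1.8). */
static const uint8_t OID_MGF1[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08};

/* Constructed samples: MGF1 with SHA-256 parameter, and MGF1 with none. */
static const uint8_t MGF1_SHA256[] = {0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,
    0xf7,0x0d,0x01,0x01,0x08,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,
    0x03,0x04,0x02,0x01,0x05,0x00};
static const uint8_t MGF1_NO_PARAM[] = {0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x01,0x01,0x08};

/* Validate a maskGenAlgorithm AlgorithmIdentifier. Returns 1 and points
 * *hash_oid at the hash OID only when the MGF1 parameter is present. */
int parse_mgf1(const uint8_t *der, size_t len, span_t *hash_oid)
{
    span_t in = { der, len }, alg, oid, params;
    if (!read_tlv(&in, 0x30, &alg) || in.len != 0)
        return 0;
    if (!read_tlv(&alg, 0x06, &oid) || oid.len != sizeof(OID_MGF1) ||
        memcmp(oid.p, OID_MGF1, oid.len) != 0)
        return 0;
    if (alg.len == 0)   /* the advisory's case: no parameter after the OID */
        return 0;
    if (!read_tlv(&alg, 0x30, &params) || alg.len != 0)
        return 0;
    return read_tlv(&params, 0x06, hash_oid) && hash_oid->len > 0;
}
```

The point of the explicit `alg.len == 0` branch is that the absent-parameter case becomes a clean rejection instead of a read from an unset buffer.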
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright