CVE-2021-41990

7.5 HIGH

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature

Published: 2021-10-18 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-190

Affected products

Vendor: Product
debian: 6gk5615-0aa00-2aa2_firmware, 6gk5804-0ap00-2aa2_firmware, 6gk5812-1aa00-2aa2_firmware
fedoraproject: 6gk5615-0aa00-2aa2_firmware, 6gk5804-0ap00-2aa2_firmware, 6gk5812-1aa00-2aa2_firmware
siemens: 6gk5615-0aa00-2aa2_firmware, 6gk5804-0ap00-2aa2_firmware, 6gk5812-1aa00-2aa2_firmware
strongswan: 6gk5615-0aa00-2aa2_firmware, 6gk5804-0ap00-2aa2_firmware, 6gk5812-1aa00-2aa2_firmware

Description

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Source: NVD

Related CVEs

Same vendor

  • CVE-2026-46749 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (7.5 HIGH)
  • CVE-2026-46748 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
  • CVE-2026-46747 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (4.3 MEDIUM)
  • CVE-2026-46746 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)

Same CWE

  • CVE-2026-10649 A flaw was found in Pacemaker (8.6 HIGH)
  • CVE-2026-53705 A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good (7.6 HIGH)
  • CVE-2026-52722 A signed integer overflow vulnerability was found in GStreamer's VMnc decoder (7.1 HIGH)
  • CVE-2025-55647 An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... (5.5 MEDIUM)
  • CVE-2026-6045 LibreOffice can import EMF+ graphics, which may be embedded in documents