QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16151

Published: Sep 26, 2018

Modified: Dec 3, 2025

PUBLISHED

Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html

x_refsource_CONFIRM

[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:2594

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2598

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:0403

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.