Remote Integer Overflow in strongSwan's In-Memory Certificate Cache

Remote Integer Overflow in strongSwan's In-Memory Certificate Cache

CVE-2021-41991 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Learn more about our Web Application Penetration Testing UK.