CVE-2021-41990
strongSwan vulnerability analysis and mitigation

Overview

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow vulnerability (CVE-2021-41990) discovered by researchers at the NSA. The vulnerability affects all versions since 5.6.1 and was disclosed on October 18, 2021. The issue exists in the handling of RSASSA-PSS signatures with very large salt lengths, which can be triggered by an unrelated self-signed CA certificate sent by an initiator (StrongSwan Blog).

Technical details

The vulnerability occurs when processing RSASSA-PSS signatures whose parameters define a very high salt length, triggering an integer overflow that can lead to a segmentation fault. The gmp plugin assigns the parsed salt length to a size_t len field of a chunk_t structure and uses that value to verify the signature structure. With a very high salt length (e.g. 2^64-1), this causes an integer overflow that bypasses the initial validation check. If the padding check is passed, it eventually leads to an attempt to use the overflowed length in a memcpy() call, resulting in a segmentation fault (StrongSwan Blog). The vulnerability has a CVSS v3.1 Base Score of 7.5 HIGH (NVD).
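The wraparound described above, reduced to the length check alone, as an added C illustration (not strongSwan's source and not the upstream patch). The function names and the 256-byte encoded message and 32-byte hash sizes are assumptions chosen for the demonstration; SIZE_MAX equals the 2^64-1 salt length mentioned in the text on a platform with a 64-bit size_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration only: hypothetical helpers, not strongSwan code. */

/* Weak form: hash_len + salt_len + 2 is evaluated in size_t and wraps
 * modulo SIZE_MAX + 1, so an enormous salt_len yields a small "required"
 * size and the check passes. */
static bool em_len_ok_unsafe(size_t em_len, size_t hash_len, size_t salt_len)
{
    return em_len >= hash_len + salt_len + 2;
}

/* Hardened form: only subtract from values already known to be large
 * enough, so no intermediate result can wrap. */
static bool em_len_ok_safe(size_t em_len, size_t hash_len, size_t salt_len)
{
    if (em_len < 2 || hash_len > em_len - 2)
        return false;
    return salt_len <= em_len - 2 - hash_len;
}

int main(void)
{
    /* Constructed sample values: 2048-bit modulus, SHA-256 digest. */
    const size_t em_len = 256, hash_len = 32;
    const size_t salts[] = { 32, 222, 223, SIZE_MAX };

    for (size_t i = 0; i < sizeof(salts) / sizeof(salts[0]); i++)
        printf("salt_len=%zu unsafe=%d safe=%d\n", salts[i],
               em_len_ok_unsafe(em_len, hash_len, salts[i]),
               em_len_ok_safe(em_len, hash_len, salts[i]));
    return 0;
}
```

Both forms agree on every in-range salt length; they differ only for values large enough to wrap the sum, which is the case the weak form lets through.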

Impact

The vulnerability can lead to a denial of service condition through a segmentation fault when processing crafted certificates. While generating a signature that bypasses the padding check requires access to the private key that signed the certificate, the certificate does not need to be trusted. Remote code execution is not possible through this vulnerability (StrongSwan Blog, Debian Advisory).

Mitigation and workarounds

The vulnerability was fixed in strongSwan version 5.9.4. For installations that cannot upgrade immediately, a mitigation is to disable the gmp plugin since only this plugin is affected. For older releases, the strongSwan project provides a patch that fixes the vulnerability and should apply with appropriate hunk offsets (StrongSwan Blog). Various Linux distributions have also released security updates including Debian (5.7.2-1+deb10u1 for buster and 5.9.1-1+deb11u1 for bullseye) (Debian Advisory) and Fedora (Fedora Advisory).

Source: This report was generated using AI

Related strongSwan vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2023-41913 | CRITICAL | 9.8 | strongSwan | strongswan-debuginfo | No | Yes | Dec 07, 2023 |
| CVE-2023-26463 | CRITICAL | 9.8 | strongSwan | strongswan | No | Yes | Apr 15, 2023 |
| CVE-2025-62291 | HIGH | 8.1 | strongSwan | strongswan-nm | No | Yes | Jan 16, 2026 |
| CVE-2022-40617 | HIGH | 7.5 | strongSwan | strongswan-hmac | No | Yes | Oct 31, 2022 |
| CVE-2022-4967 | MEDIUM | 6.5 | strongSwan | cpe:2.3:a:strongswan:strongswan | No | Yes | May 14, 2024 |
