Lucene search
MitreCVELIST:CVE-2018-16152HistorySep 26, 2018 - 9:00 p.m.
CVE-2018-16152
2018-09-2621:00:00
mitre
raw.githubusercontent.com
1
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
Related
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
prion
prion
Design/Logic Flaw
2018-09-26 21:29:00
Code injection
2018-11-07 20:29:00
Design/Logic Flaw
2014-09-25 17:55:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
osv
osv
CVE-2018-16152
2018-09-26 21:29:01
CVE-2018-16253
2018-11-07 20:29:00
nss - security update
2014-09-25 00:00:00
nessus
nessus
SUSE SLES11 Security Update : strongswan (SUSE-SU-2022:14887-1)
2022-02-19 00:00:00
FreeBSD : gnutls -- RSA Signature Forgery Vulnerability (64bf6234-520d-11db-8f1a-000a48049292)
2006-10-05 00:00:00
CentOS 4 : gnutls (CESA-2006:0680)
2006-09-22 00:00:00
cvelist
cvelist
openvas
openvas
Gentoo Security Advisory GLSA 200609-15 (gnutls)
2008-09-24 00:00:00
FreeBSD Ports: gnutls, gnutls-devel
2008-09-04 00:00:00
SLES9: Security update for IBM Java2 JRE and SDK
2009-10-10 00:00:00
gentoo
gentoo
GnuTLS: RSA Signature Forgery
2006-09-26 00:00:00
freebsd
freebsd
gnutls -- RSA Signature Forgery Vulnerability
2006-09-08 00:00:00
NSS -- RSA Signature Forgery
2014-09-23 00:00:00
chromium -- RSA signature malleability in NSS
2014-09-24 00:00:00
centos
centos
gnutls security update
2006-09-14 14:44:53
nss security update
2014-09-26 11:29:24
securityvulns
securityvulns
[USN-348-1] GnuTLS vulnerability
2006-09-19 00:00:00
redhat
redhat
(RHSA-2006:0680) gnutls security update
2006-09-14 00:00:00
(RHSA-2014:1307) Important: nss security update
2014-09-26 00:00:00
(RHSA-2014:1371) Important: nss security update
2014-10-10 00:00:00
debian
debian
[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness
2006-09-22 00:00:00
[SECURITY] [DSA 3033-1] nss security update
2014-09-25 00:25:05
[SECURITY] [DSA 3034-1] iceweasel security update
2014-09-25 06:25:56
oraclelinux
oraclelinux
Important gnutls security update
2006-11-30 00:00:00
nss security update
2014-09-26 00:00:00
ubuntu
ubuntu
GnuTLS vulnerability
2006-09-19 00:00:00
Firefox vulnerabilities
2014-09-24 00:00:00
Thunderbird vulnerabilities
2014-09-24 00:00:00
suse
suse
NSS update to avoid signature forgery (critical)
2014-09-28 12:04:18
Security update for mozilla-nss (important)
2014-10-01 17:04:53
Security update for mozilla-nss (important)
2014-09-30 01:04:19
cert
cert
mozilla
mozilla
RSA Signature Forgery in NSS — Mozilla
2014-09-24 00:00:00
archlinux
archlinux
NSS: Signature forgery attack
2014-09-24 00:00:00
[ASA-201809-4] strongswan: authentication bypass
2018-09-24 00:00:00
veracode
veracode
Spoofable RSA Signatures
2019-01-15 09:01:59
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21
2014-09-29 04:00:07
[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21
2014-09-29 04:00:06
[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21
2014-09-29 04:00:07
mageia
mageia
Updated nss packages fix CVE-2014-1568
2014-09-26 19:55:04
amazon
amazon
Important: nss
2014-10-01 16:32:00
Important: nss-softokn
2014-10-01 16:32:00
Important: nss-util
2014-10-01 16:32:00
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
2014-10-19 00:00:00
chrome
chrome
Stable Channel Update
2014-09-24 00:00:00
photon
photon