strongswan -- Denial-of-service vulnerability in the x509 plugin

ID C7E8E955-6C61-11E7-9B01-2047478F2F70
Type freebsd
Reporter FreeBSD
Modified 2017-05-30T00:00:00


strongSwan security team reports:

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.