VIR Vulnerability Intelligence Relay

CVE-2018-6459

medium
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
5.5

Description

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2018-6459

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2018-6459.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201802-10

OS impact
OSVersionStatusFixed in
arch archfixed5.6.2-1
suse slesaffected
debian debianbookwormfixed5.6.2-1
debian debianbullseyefixed5.6.2-1
debian debianforkyfixed5.6.2-1
debian debiansidfixed5.6.2-1
debian debiantrixiefixed5.6.2-1

References

Verify integrity in audit chain (admin only). AS-IS.