cvedb.io
CVE-2021-41991
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-10-18T14:15:10.333 · Last modified 2026-06-17T04:09:07.460

Summary

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Affected products

strongswan — strongswan

Does this affect you?

Add your gear to cvedb and we'll alert you only when strongswan ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.