CVE-2018-16151

EPSS 1.69% · P82 Updated Dec 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-16151

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

strongSwan gmp插件安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

strongSwan是瑞士软件开发者Andreas Steffen所维护的一套Linux平台使用的开源的基于IPsec的VPN解决方案。该方案包含X.509公开密钥证书、安全储存私钥、智能卡等认证机制。gmp plugin是其中的一个插件。 strongSwan 4.x版本和5.7.0之前的5.x版本中的gmp插件的‘verify_emsa_pkcs1_signature()’函数存在安全漏洞。远程攻击者可利用该漏洞伪造签名，绕过身份验证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-16151

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-16151

Please Login to view more intelligence information

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.htmlx_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4305vendor-advisoryx_refsource_DEBIAN
USN-3771-1: strongSwan vulnerabilities | Ubuntu security notices | Ubuntuvendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/201811-16vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.htmlvendor-advisoryx_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2018/09/msg00032.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-16151

Same Patch Batch · n/a · 2018-09-26 · 37 CVEs total

CVE-2018-17365		SeaCMS 路径遍历漏洞
CVE-2017-15608		Inedo ProGet 跨站脚本漏洞
CVE-2018-15836		Xelerance Openswan 安全漏洞
CVE-2018-16152		strongSwan gmp插件安全漏洞
CVE-2018-16364		ZOHO ManageEngine Applications Manager 代码问题漏洞
CVE-2018-16968		Citrix ShareFile StorageZones Controller 路径遍历漏洞
CVE-2018-16969		Citrix ShareFile StorageZones Controller 信息泄露漏洞
CVE-2018-17081		e107 跨站请求伪造漏洞
CVE-2018-17215		Postman 安全漏洞
CVE-2018-17570		ViaBTC Exchange Server 数字错误漏洞
CVE-2018-17410		Horus CMS SQL注入漏洞
CVE-2018-17566		ThinkPHP SQL注入漏洞
CVE-2018-14815		Fuji Electric V-Server VPR 缓冲区错误漏洞
CVE-2018-17555		Arris TG2492LG-NA Web组件信息泄露漏洞
CVE-2018-17556		MODX Revolution 跨站脚本漏洞
CVE-2018-15606		SalesAgility SuiteCRM 跨站脚本漏洞
CVE-2018-16672		Circontrol CirCarLife 安全漏洞
CVE-2018-17538		Axon Evidence Sync 安全漏洞
CVE-2018-17311		RICOH MP C6503 Plus 跨站脚本漏洞
CVE-2018-15531		JavaMelody Monitoring插件安全漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-16151

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-16151

I. Basic Information for CVE-2018-16151

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-16151

III. Intelligence Information for CVE-2018-16151

Same Patch Batch · n/a · 2018-09-26 · 37 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-16151

Leave a comment