View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9022 severity moderate: SUSE including 70 source package names (strongswan, strongswan-4.4.0-6.35.1, …), 159 product×package rows across 41 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (41 product lines)): Fixed 118, Known Not Affected 41.
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.