Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Strongswan
(Strongswan)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 36 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-10-31 | CVE-2022-40617 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | Ubuntu_linux, Debian_linux, Fedora, Stormshield_network_security, Strongswan | 7.5 | ||
2023-04-15 | CVE-2023-26463 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. | Strongswan | 9.8 | ||
2023-12-07 | CVE-2023-41913 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | Strongswan | 9.8 | ||
2021-10-18 | CVE-2021-41990 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. | Debian_linux, Fedora, 6gk5615\-0aa00\-2aa2_firmware, 6gk5804\-0ap00\-2aa2_firmware, 6gk5812\-1aa00\-2aa2_firmware, 6gk5812\-1ba00\-2aa2_firmware, 6gk5816\-1aa00\-2aa2_firmware, 6gk5816\-1ba00\-2aa2_firmware, 6gk5826\-2ab00\-2ab2_firmware, 6gk5856\-2ea00\-3aa1_firmware, 6gk5856\-2ea00\-3da1_firmware, 6gk5874\-2aa00\-2aa2_firmware, 6gk5874\-3aa00\-2aa2_firmware, 6gk5876\-3aa02\-2ba2_firmware, 6gk5876\-3aa02\-2ea2_firmware, 6gk5876\-4aa00\-2ba2_firmware, 6gk5876\-4aa00\-2da2_firmware, 6gk6108\-4am00\-2ba2_firmware, 6gk6108\-4am00\-2da2_firmware, Strongswan | 7.5 | ||
2021-10-18 | CVE-2021-41991 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | Debian_linux, Fedora, Cp_1543\-1_firmware, Scalance_sc622\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_cp_1243\-1_firmware, Simatic_cp_1243\-7_lte\/us_firmware, Simatic_cp_1542sp\-1_firmware, Simatic_cp_1542sp\-1_irc_firmware, Simatic_cp_1543sp\-1_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1545\-1_firmware, Sinema_remote_connect_server, Siplus_et_200sp_cp_1542sp\-1_irc_tx_rail_firmware, Siplus_et_200sp_cp_1543sp\-1_isec_firmware, Siplus_et_200sp_cp_1543sp\-1_isec_tx_rail_firmware, Siplus_net_cp_1543\-1_firmware, Siplus_s7\-1200_cp_1243\-1_firmware, Siplus_s7\-1200_cp_1243\-1_rail_firmware, Strongswan | 7.5 | ||
2022-01-31 | CVE-2021-45079 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | Ubuntu_linux, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Strongswan | 9.1 | ||
2013-05-02 | CVE-2013-2944 | strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | Strongswan | N/A | ||
2013-07-09 | CVE-2013-2054 | Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. | Strongswan | N/A | ||
2014-05-07 | CVE-2014-2891 | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. | Strongswan, Strongswan | N/A | ||
2015-01-07 | CVE-2014-9221 | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Strongswan | N/A |