Product:

Strongswan

(Strongswan)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 36
Date Id Summary Products Score Patch Annotated
2023-12-07 CVE-2023-41913 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. Strongswan 9.8
2013-05-02 CVE-2013-2944 strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. Strongswan N/A
2013-07-09 CVE-2013-2054 Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. Strongswan N/A
2014-05-07 CVE-2014-2891 strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. Strongswan, Strongswan N/A
2015-01-07 CVE-2014-9221 strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. Ubuntu_linux, Debian_linux, Fedora, Opensuse, Strongswan N/A
2015-11-18 CVE-2015-8023 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. Ubuntu_linux, Strongswan N/A
2017-06-08 CVE-2017-9022 The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. Ubuntu_linux, Debian_linux, Strongswan 7.5
2017-06-08 CVE-2017-9023 The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. Strongswan 7.5
2017-08-18 CVE-2017-11185 The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. Strongswan 7.5
2017-09-07 CVE-2015-3991 strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. Strongswan 9.8