Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Strongswan
(Strongswan)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-07-09 | CVE-2013-2054 | Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. | Strongswan | N/A | ||
| 2014-05-07 | CVE-2014-2891 | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. | Strongswan, Strongswan | N/A | ||
| 2015-01-07 | CVE-2014-9221 | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Strongswan | N/A | ||
| 2015-11-18 | CVE-2015-8023 | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. | Ubuntu_linux, Strongswan | N/A | ||
| 2017-06-08 | CVE-2017-9022 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | Ubuntu_linux, Debian_linux, Strongswan | 7.5 | ||
| 2017-06-08 | CVE-2017-9023 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | Strongswan | 7.5 | ||
| 2017-08-18 | CVE-2017-11185 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | Strongswan | 7.5 | ||
| 2017-09-07 | CVE-2015-3991 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. | Strongswan | 9.8 | ||
| 2018-05-31 | CVE-2018-5388 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. | Ubuntu_linux, Debian_linux, Strongswan | 6.5 | ||
| 2018-02-20 | CVE-2018-6459 | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. | Strongswan | 5.3 |