Latest strongswan strongswan Vulnerabilities

CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected...
Strongswan Strongswan>=5.3.0<5.9.12
ubuntu/strongswan<5.6.2-1ubuntu2.9+
ubuntu/strongswan<5.8.2-1ubuntu3.6
ubuntu/strongswan<5.9.5-2ubuntu2.2
ubuntu/strongswan<5.9.8-3ubuntu4.1
ubuntu/strongswan<5.9.11-1ubuntu1.1
and 3 more
CVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access c...
Strongswan Strongswan=5.9.8
Strongswan Strongswan=5.9.9
CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL tha...
Strongswan Strongswan<5.9.8
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=22.04
and 6 more
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EA...
Strongswan Strongswan>=4.1.2<5.9.5
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
and 8 more
CVE-2021-41990
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certif...
debian/strongswan
Strongswan Strongswan>=5.6.1<5.9.4
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 35 more
CVE-2021-41991
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of...
debian/strongswan
Strongswan Strongswan>=4.2.10<5.9.4
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 45 more
CVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integr...
redhat/libreswan<3.29
Libreswan Libreswan<3.29
Strongswan Strongswan<5.0.0
Xelerance Openswan
Fedoraproject Fedora=29
Fedoraproject Fedora=30
and 1 more
CVE-2018-17540
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
Strongswan Strongswan<5.7.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 5 more
CVE-2018-16152
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorith...
Strongswan Strongswan>=4.0.0<=4.6.4
Strongswan Strongswan>=5.0.0<5.7.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 5 more
CVE-2018-16151
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded alg...
Strongswan Strongswan>=4.0.0<=4.6.4
Strongswan Strongswan>=5.0.0<5.7.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
and 5 more
CVE-2018-5388
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Strongswan Strongswan<5.6.3
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 5 more
CVE-2018-10811
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
Strongswan Strongswan>=5.0.1<5.6.3
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203