Vulnerabilites related to strongSwan - Strongswan
Vulnerability from fkie_nvd
Published
2023-12-07 05:15
Modified
2025-01-17 20:15
Severity ?
Summary
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5256E77-93AF-47BF-BD3F-0148F8E9D0B4",
"versionEndExcluding": "5.9.12",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm\u0027s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message."
},
{
"lang": "es",
"value": "strongSwan anterior a 5.9.12 tiene un desbordamiento del b\u00fafer y una posible ejecuci\u00f3n remota de c\u00f3digo no autenticado a trav\u00e9s de un valor p\u00fablico DH que excede el b\u00fafer interno en el proxy DH de charon-tkm. La primera versi\u00f3n afectada es la 5.3.0. Un ataque puede ocurrir a trav\u00e9s de un mensaje IKE_SA_INIT manipulado."
}
],
"id": "CVE-2023-41913",
"lastModified": "2025-01-17T20:15:26.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T05:15:09.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250117-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-08 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0771FD2-9FB2-4F00-AFB3-B44D124FC5C4",
"versionEndIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60B8687-A72A-4AF6-BDE9-795A1AC2F98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5EA677-BC73-4139-BF09-ADE65C2502A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68B10EB8-0A5B-4C63-9A7D-2F034C286E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13A264-EA51-4B92-B102-5316E45DB32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "406E1E6C-EA61-4FB8-9B0F-CE823046B09E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F31D56AC-D037-42AE-B70F-C7700929DDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3A15C-122A-4564-A2E3-CB0E7C314797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6806075C-2433-4CCB-919B-27979C79C8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3809AE25-E840-4DB3-879E-F678305EC11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959DA882-CC63-45F7-BF08-55F38DD8E999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9313C88D-1C24-4623-87B4-ECA8285E28A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08474171-A617-4163-BEAD-AA14F53A2BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5516113A-F0F6-478F-95F7-9B4FB2DC68B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5E9376-3ED9-4A3D-83CE-7E1725F8F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BFC4CB-91E9-4181-A390-F0CE0D12EE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "339E325D-B76C-400C-B332-7CA675C4F72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "F90373CD-E5C7-46BE-8C5F-22D3DE12A3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C12F9-A14F-4BC5-A2CC-18DADE8454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C78E4DAD-B255-4666-927F-D82AC7396FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B602806-1420-4640-AD17-A2FEFDA6A967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A203ADA7-54C9-4F37-A254-0A5378BB9B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1C417F-C18A-4902-B409-09DD023974B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235DBD81-E542-4FF7-A620-1872DC81D618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "489F9DFA-5B24-4206-A306-0BAE849C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "382D76A4-C2C6-4C1C-A0C0-757C372154DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD021C-FDAC-4938-9390-D455577D30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B1AC8-4C97-49B8-B82B-6F2FF295FDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A977F561-D324-48EA-BAC5-66920F6BD584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD1B4B-E11F-46D0-A7AE-5E0749F6E216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D09EEB6-386C-4A73-BC08-4243BDC49EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE3B5F4-063F-4AE9-B589-932751182101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD8D5D-7FB7-4B25-B1F2-7850348A6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24F75943-1327-4868-88D5-917D06BCF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BE9083-EF34-4B1A-A139-E779E9704F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC07651-4412-40B7-A6C2-9CBCC010CBE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0D725F-4161-45BA-B1CE-99C2A75B7220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0050370A-4CF0-4772-B287-DD05C5827E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64C5AB11-3B59-4677-B544-28A22C413C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E595C454-4456-477A-BE51-75CEAB547E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A40E983-4721-48FF-9EFB-702BA78DCB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7FA4C-69EE-4225-99FF-0EAB4A6C0049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDF25EB-5509-4D79-8D26-A1CA1092089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A558368F-D9B1-49DF-A64F-95909A4EE7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74348E15-FF47-4B4D-B062-2EAE3141C84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90985506-224F-4AE2-899E-93CA64025396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3386A9-3740-4861-84B0-AAAC5C01378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E823F7-7162-440E-A113-7B1F437BF508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1DEE61-13CB-4810-81B6-2AEBF13619CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D82E08-D6BF-41E3-9C3D-52552C8753CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF06C431-DE35-4CCD-9DCE-ED9EE6A17464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C826191-A68F-4E02-945B-73F35AA580F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A316AF53-7E95-4E4F-8E50-22145F144CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3F068-778E-4BB7-AB22-368714BE1BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96330C24-C1AB-4B00-A3CC-5CCD291E0069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF630C7-2AAB-4106-BAC9-AAE6FF278E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58206E-3086-45AC-91B6-032EF55D5552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers \"an incomplete state,\" followed by a CREATE_CHILD_SA request."
},
{
"lang": "es",
"value": "charon/sa/ike_sa.c del demonio charon de strongSWAN anterior a v4.3.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referenca a puntero nulo y ca\u00edda) a trav\u00e9s de una solicitud IKE_SA_INIT no v\u00e1lida que provoca \"un estado incompleto\", seguido de una solicitud CREATE_CHILD_SA."
}
],
"id": "CVE-2009-1957",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-08T01:00:00.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35296"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"source": "cve@mitre.org",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-08 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3866 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/98760 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/USN-3301-1 | Third Party Advisory | |
| cve@mitre.org | https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3866 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98760 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3301-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 16.10 | |
| canonical | ubuntu_linux | 17.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86691AB7-BE63-4BD7-B6EB-B0E063BE7775",
"versionEndIncluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate."
},
{
"lang": "es",
"value": "El plugin gmp en strnogSwan anterior a 5.5.3 no valida adecuadamente las claves p\u00fablicas RSA tras la llamada mpz_powm_sec, lo que podr\u00eda permitir a peers remotos causar una denegaci\u00f3n de servicio (excepci\u00f3n de punto flotante y cierre inesperado del proceso) a trav\u00e9s de un certificado especialmente dise\u00f1ado."
}
],
"id": "CVE-2017-9022",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-08T16:29:00.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98760"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:52
Severity ?
Summary
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D6BC52-A09F-4CB8-BB81-AC1FFCCE5612",
"versionEndIncluding": "4.6.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E0C1EC-FC33-4A36-8572-8E052C4DB9B7",
"versionEndExcluding": "5.7.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568."
},
{
"lang": "es",
"value": "En verify_emsa_pkcs1_signature() en gmp_rsa_public_key.c en el plugin gmp en strongSwan en versiones 4.x y 5.x anteriores a la 5.7.0, la implementaci\u00f3n RSA basada en GMP no rechaza los datos sobrantes en el campo digestAlgorithm.parameters durante la verificaci\u00f3n de firmas PKCS#1 v1.5. En consecuencia, un atacante remoto puede falsificar firmas cuando se emplean peque\u00f1os exponentes p\u00fablicos, lo que podr\u00eda conducir a una suplantaci\u00f3n cuando solo se emplea una firma RSA para la autenticaci\u00f3n IKEv2. Esta es una variante de CVE-2006-4790 y CVE-2014-1568."
}
],
"id": "CVE-2018-16152",
"lastModified": "2024-11-21T03:52:10.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T21:29:01.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-27 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.2.0 | |
| strongswan | strongswan | 4.2.1 | |
| strongswan | strongswan | 4.2.2 | |
| strongswan | strongswan | 4.2.3 | |
| strongswan | strongswan | 4.2.4 | |
| strongswan | strongswan | 4.2.5 | |
| strongswan | strongswan | 4.2.6 | |
| strongswan | strongswan | 4.2.7 | |
| strongswan | strongswan | 4.2.8 | |
| strongswan | strongswan | 4.2.9 | |
| strongswan | strongswan | 4.2.10 | |
| strongswan | strongswan | 4.2.11 | |
| strongswan | strongswan | 4.2.12 | |
| strongswan | strongswan | 4.2.13 | |
| strongswan | strongswan | 4.2.14 | |
| strongswan | strongswan | 4.2.15 | |
| strongswan | strongswan | 4.2.16 | |
| strongswan | strongswan | 4.3.0 | |
| strongswan | strongswan | 4.3.1 | |
| strongswan | strongswan | 4.3.2 | |
| strongswan | strongswan | 4.3.3 | |
| strongswan | strongswan | 4.3.4 | |
| strongswan | strongswan | 4.3.5 | |
| strongswan | strongswan | 4.3.6 | |
| strongswan | strongswan | 4.4.0 | |
| strongswan | strongswan | 4.4.1 | |
| strongswan | strongswan | 4.5.0 | |
| strongswan | strongswan | 4.5.1 | |
| strongswan | strongswan | 4.5.2 | |
| strongswan | strongswan | 4.5.3 | |
| strongswan | strongswan | 4.6.0 | |
| strongswan | strongswan | 4.6.1 | |
| strongswan | strongswan | 4.6.2 | |
| strongswan | strongswan | 4.6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F654D3C4-D3A3-41E1-A0D8-3A384319AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka \"RSA signature verification vulnerability.\""
},
{
"lang": "es",
"value": "El GMP Plugin en strongSwan v4.2.0 hasta v4.6.3 permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de una firma RSA (1) vac\u00eda o (2) completada con ceros, tambi\u00e9n conocido como \"Vulnerabilidad de verficaci\u00f3n de firma RSA\"."
}
],
"id": "CVE-2012-2388",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-27T21:55:02.610",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/82587"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49315"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49336"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49370"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/55051"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2483"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53752"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027110"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/82587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76013"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| frees_wan | frees_wan | 1 | |
| frees_wan | frees_wan | 2 | |
| frees_wan | super_frees_wan | 1 | |
| openswan | openswan | 1 | |
| openswan | openswan | 2 | |
| strongswan | strongswan | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*",
"matchCriteriaId": "10B562DF-7470-4C26-9989-0872DA521B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B02427-164D-4B6B-ACF1-662691FC6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C94B5FB-8830-4217-BB07-36DAD9902259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*",
"matchCriteriaId": "06740766-75C5-4EDA-8BFD-96C5E7AE1A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*",
"matchCriteriaId": "E54638CB-40EE-47D1-A373-1AEF85DE9405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D62594D0-8847-4CC4-9AFD-3C216D429C5B",
"versionEndIncluding": "2.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject."
},
{
"lang": "es",
"value": "FreeS/WAN 1.x y 2.x, y otros productos relacionados, incluyendo superfreeswan 1.x, openswan 1.x anteriores a 1.0.6, openswan 2.x anteriores a 2.1.4 y strongSwan anteriores a 2.1.3 permite a atacantes remotos autenticarse usando certificados PKCS#7 falsificados en los que un certificado auto-firmado identifica a una Autoridad Certificadora (CA) y a un usuario y asunto suplantados."
}
],
"id": "CVE-2004-0590",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-20.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.openswan.org/support/vuln/can-2004-0590/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.openswan.org/support/vuln/can-2004-0590/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-02 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.3.5 | |
| strongswan | strongswan | 4.3.6 | |
| strongswan | strongswan | 4.3.7 | |
| strongswan | strongswan | 4.4.0 | |
| strongswan | strongswan | 4.4.1 | |
| strongswan | strongswan | 4.5.0 | |
| strongswan | strongswan | 4.5.1 | |
| strongswan | strongswan | 4.5.2 | |
| strongswan | strongswan | 4.5.3 | |
| strongswan | strongswan | 4.6.0 | |
| strongswan | strongswan | 4.6.1 | |
| strongswan | strongswan | 4.6.2 | |
| strongswan | strongswan | 4.6.3 | |
| strongswan | strongswan | 4.6.4 | |
| strongswan | strongswan | 5.0.0 | |
| strongswan | strongswan | 5.0.1 | |
| strongswan | strongswan | 5.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA544693-EE26-47A9-9EA2-5CA2AE17E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature."
},
{
"lang": "es",
"value": "strongSwan v4.3.5 hasta v5.0.3, cuando utiliza el plugin OpenSSL para la verificaci\u00f3n de firma ECDSA, permite a atacantes remotos autenticarse como otros usuarios a trav\u00e9s de una firma invalida."
}
],
"id": "CVE-2013-2944",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-02T14:55:05.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2665"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/59580"
},
{
"source": "cve@mitre.org",
"url": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 5.2.2 | |
| strongswan | strongswan | 5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "619B246C-CCB8-4EAC-A992-724A9E56E8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB32E0A3-A72A-4940-A265-ED4896F6A60D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code."
},
{
"lang": "es",
"value": "strongSwan 5.2.2 y 5.3.0 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de daemon) o ejecuten c\u00f3digo arbitrario."
}
],
"id": "CVE-2015-3991",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-07T20:29:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164276.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164278.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76861"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164276.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-18 14:15
Modified
2024-11-21 06:27
Severity ?
Summary
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9611E9-41E8-4C83-BB26-E52C35252022",
"versionEndExcluding": "5.9.4",
"versionStartIncluding": "4.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276E81AE-85C3-4DBA-B4E6-0BFD85DE03F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A57CBB-1089-4829-AD1E-89C927611A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "373B769D-0E60-4362-BAE1-90BA6E0B211C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "049460B8-6186-44F9-B41F-284A2EC0B3B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "205482DA-548C-4757-91F0-1599438873BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2009C1FA-96D5-413C-9161-0DB55F841088",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF3D204-F783-4ED8-B6DC-7BAE65AB5E89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16B3F1A4-6AA2-48C4-B2B3-7CCFED8E35B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:cp_1543-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E64DDA-3855-4CDB-A42C-EE23FEDA9074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F703FF33-882F-4CB5-9CA0-8FAE670B2AEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01483C0C-8A8D-4059-B4F6-D280A71178B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80303992-FA4F-4F53-8A52-BF2E2BFB99A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "209C7B1E-10F6-4215-AF69-CC36192E0FCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D78E94-D826-4300-BD3D-E544A1D67B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00DDA679-D761-4986-A0A0-4C00178DF0B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F1C19F-FCF8-4BB5-BDAE-F7B188A85A1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50CB213E-50AC-418F-A4CF-AEE1E0D74E00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33C9CC6-C03E-47CA-9B8F-96C05C5A4DEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCABEAA-F652-4DB4-89F9-19C6C3B7FB11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656082A8-8160-4A1A-967B-F7CC27A218D5",
"versionEndExcluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC252750-1EFC-4AA3-9477-A49E3BBD61F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "934FCA36-A4F2-4B90-93DE-48A3A355D865",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "425AB6D7-7325-4028-9065-D24C597BEB62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A48B4A9-F8D3-433F-A95B-B541C13FF2C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "336471A8-D4AF-4935-B170-DAB2267C61DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."
},
{
"lang": "es",
"value": "La cach\u00e9 de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto al recibir muchas peticiones con diferentes certificados para llenar la cach\u00e9 y posteriormente desencadenar la sustituci\u00f3n de las entradas de la cach\u00e9. El c\u00f3digo intenta seleccionar una entrada de cach\u00e9 menos usada mediante un generador de n\u00fameros aleatorios, pero esto no es realizado correctamente. Una ejecuci\u00f3n de c\u00f3digo remota podr\u00eda ser una peque\u00f1a posibilidad"
}
],
"id": "CVE-2021-41991",
"lastModified": "2024-11-21T06:27:02.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T14:15:10.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-18 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE9E3E8-A661-4A0D-A1D4-CAD6BB3B3C6F",
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature."
},
{
"lang": "es",
"value": "El plugin gmp en strongSwan en versiones anteriores a la 5.6.0 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y daemon crash) mediante una firma RSA manipulada."
}
],
"id": "CVE-2017-11185",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-18T17:29:01.497",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3962"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/100492"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/100492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 2.8.0 | |
| strongswan | strongswan | 2.8.1 | |
| strongswan | strongswan | 2.8.2 | |
| strongswan | strongswan | 2.8.3 | |
| strongswan | strongswan | 2.8.4 | |
| strongswan | strongswan | 2.8.5 | |
| strongswan | strongswan | 2.8.6 | |
| strongswan | strongswan | 2.8.7 | |
| strongswan | strongswan | 2.8.8 | |
| strongswan | strongswan | 2.8.10 | |
| strongswan | strongswan | 4.2.0 | |
| strongswan | strongswan | 4.2.1 | |
| strongswan | strongswan | 4.2.2 | |
| strongswan | strongswan | 4.2.3 | |
| strongswan | strongswan | 4.2.10 | |
| strongswan | strongswan | 4.2.11 | |
| strongswan | strongswan | 4.2.12 | |
| strongswan | strongswan | 4.2.13 | |
| strongswan | strongswan | 4.2.14 | |
| strongswan | strongswan | 4.2.15 | |
| strongswan | strongswan | 4.2.16 | |
| strongswan | strongswan | 4.3.0 | |
| strongswan | strongswan | 4.3.1 | |
| strongswan | strongswan | 4.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18EB62-1042-4F26-9EC3-B7EEA2182716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."
},
{
"lang": "es",
"value": "La funci\u00f3n asn1_length en strongSwan 2.8 antes de 2.8.11, 4.2 antes de 4.2.17 y 4.3 antes de 4.3.3 no maneja adecuadamente certificados X.509 con Relative Distinguished Names (RDNs) modificados, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio pluto IKE) mediante datos ASN.1 malformados. NOTA: Esto es debido a una soluci\u00f3n incompleta de CVE-2009-2185."
}
],
"id": "CVE-2009-2661",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-04T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-02 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 5.0.2 | |
| strongswan | strongswan | 5.0.3 | |
| strongswan | strongswan | 5.0.4 | |
| strongswan | strongswan | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet."
},
{
"lang": "es",
"value": "strongSwan 5.0.2 hasta la versi\u00f3n 5.1.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a un puntero NULL y ca\u00edda del demonio charon) a trav\u00e9s de un paquete de fragmentaci\u00f3n elaborado IKEv1."
}
],
"evaluatorComment": "CWE-476: NULL Pointer Dereference per http://cwe.mitre.org/data/definitions/476.html",
"id": "CVE-2013-6076",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-02T18:55:03.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-26 21:29
Modified
2024-11-21 03:52
Severity ?
Summary
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D6BC52-A09F-4CB8-BB81-AC1FFCCE5612",
"versionEndIncluding": "4.6.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E0C1EC-FC33-4A36-8572-8E052C4DB9B7",
"versionEndExcluding": "5.7.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication."
},
{
"lang": "es",
"value": "En verify_emsa_pkcs1_signature() en gmp_rsa_public_key.c en el plugin gmp en strongSwan en versiones 4.x y 5.x anteriores a la 5.7.0, la implementaci\u00f3n RSA basada en GMP no rechaza los datos sobrantes tras el algoritmo OID cifrado durante la verificaci\u00f3n de firmas PKCS#1 v1.5. De forma similar al error en la misma versi\u00f3n de strongSwan relacionado con digestAlgorithm.parameters, un atacante remoto puede falsificar firmas cuando se emplean peque\u00f1os exponentes p\u00fablicos, lo que podr\u00eda conducir a una suplantaci\u00f3n cuando solo se emplea una firma RSA para la autenticaci\u00f3n IKEv2."
}
],
"id": "CVE-2018-16151",
"lastModified": "2024-11-21T03:52:10.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-26T21:29:01.087",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-25 02:00
Modified
2025-04-09 00:30
Severity ?
Summary
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "02A38BCE-66F9-49F9-8C48-DB3DA9E7054D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18EB62-1042-4F26-9EC3-B7EEA2182716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C89C6007-3A8D-427D-8BE3-047DD52DE196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F654D3C4-D3A3-41E1-A0D8-3A384319AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*",
"matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*",
"matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B24C96-47DF-4FA2-8DF4-8241F4964F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A5067B83-AB9E-4819-B5A2-B14A96EB54C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "773B9BB2-0F65-4604-AF2C-8AC396DDC094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AA892169-0079-48D9-AEF5-641748CE1BF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string."
},
{
"lang": "es",
"value": "El analizador ASN.1 pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) en (a) strongSwan v2.8 anterior a v2.8.10, v4.2 anterior a v4.2.16, y v4.3 anterior a v4.3.2; y (b) openSwan v2.6 anterior a v2.6.22 y v2.4 anterior a v2.4.15 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio IKE pluto) a trav\u00e9s de un certificado X.509 con (1) Nombres Caracterizados Relativos (RDNs) (2) una cadena UTCTIME manipulada, o (3) una cadena GENERALIZEDTIME manipulada."
}
],
"id": "CVE-2009-2185",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-25T02:00:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES42.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35522"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35698"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35740"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35804"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36950"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37504"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2009/07/up2date_7404_released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1898"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "cve@mitre.org",
"url": "http://www.ingate.com/Relnote.php?ver=481"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1138.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35452"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022428"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1639"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1706"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1829"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES42.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2009/07/up2date_7404_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ingate.com/Relnote.php?ver=481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1138.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-14 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DF2081-25C3-4838-BDF6-07BC6583761E",
"versionEndIncluding": "4.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60B8687-A72A-4AF6-BDE9-795A1AC2F98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5EA677-BC73-4139-BF09-ADE65C2502A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68B10EB8-0A5B-4C63-9A7D-2F034C286E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13A264-EA51-4B92-B102-5316E45DB32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "406E1E6C-EA61-4FB8-9B0F-CE823046B09E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F31D56AC-D037-42AE-B70F-C7700929DDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3A15C-122A-4564-A2E3-CB0E7C314797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6806075C-2433-4CCB-919B-27979C79C8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3809AE25-E840-4DB3-879E-F678305EC11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959DA882-CC63-45F7-BF08-55F38DD8E999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9313C88D-1C24-4623-87B4-ECA8285E28A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08474171-A617-4163-BEAD-AA14F53A2BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5516113A-F0F6-478F-95F7-9B4FB2DC68B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5E9376-3ED9-4A3D-83CE-7E1725F8F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BFC4CB-91E9-4181-A390-F0CE0D12EE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "339E325D-B76C-400C-B332-7CA675C4F72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "F90373CD-E5C7-46BE-8C5F-22D3DE12A3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C12F9-A14F-4BC5-A2CC-18DADE8454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C78E4DAD-B255-4666-927F-D82AC7396FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B602806-1420-4640-AD17-A2FEFDA6A967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1C417F-C18A-4902-B409-09DD023974B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235DBD81-E542-4FF7-A620-1872DC81D618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "489F9DFA-5B24-4206-A306-0BAE849C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "382D76A4-C2C6-4C1C-A0C0-757C372154DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD021C-FDAC-4938-9390-D455577D30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B1AC8-4C97-49B8-B82B-6F2FF295FDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A977F561-D324-48EA-BAC5-66920F6BD584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD1B4B-E11F-46D0-A7AE-5E0749F6E216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D09EEB6-386C-4A73-BC08-4243BDC49EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE3B5F4-063F-4AE9-B589-932751182101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD8D5D-7FB7-4B25-B1F2-7850348A6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24F75943-1327-4868-88D5-917D06BCF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BE9083-EF34-4B1A-A139-E779E9704F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0050370A-4CF0-4772-B287-DD05C5827E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64C5AB11-3B59-4677-B544-28A22C413C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E595C454-4456-477A-BE51-75CEAB547E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A40E983-4721-48FF-9EFB-702BA78DCB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7FA4C-69EE-4225-99FF-0EAB4A6C0049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDF25EB-5509-4D79-8D26-A1CA1092089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A558368F-D9B1-49DF-A64F-95909A4EE7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74348E15-FF47-4B4D-B062-2EAE3141C84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90985506-224F-4AE2-899E-93CA64025396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3386A9-3740-4861-84B0-AAAC5C01378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E823F7-7162-440E-A113-7B1F437BF508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1DEE61-13CB-4810-81B6-2AEBF13619CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D82E08-D6BF-41E3-9C3D-52552C8753CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF06C431-DE35-4CCD-9DCE-ED9EE6A17464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C826191-A68F-4E02-945B-73F35AA580F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A316AF53-7E95-4E4F-8E50-22145F144CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3F068-778E-4BB7-AB22-368714BE1BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96330C24-C1AB-4B00-A3CC-5CCD291E0069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF630C7-2AAB-4106-BAC9-AAE6FF278E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58206E-3086-45AC-91B6-032EF55D5552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP)."
},
{
"lang": "es",
"value": "strongSwan 4.2.6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante un mensaje con un n\u00famero grande de valores NULL en una carga \u00fatil Key Exchange, lo que dispara una referencia a un puntero NULL para el valor de retorno de la funci\u00f3n mpz_export en la GNU Multiprecision Library (GMP) (Biblioteca de Multiprecisi\u00f3n GNU)."
}
],
"id": "CVE-2008-4551",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-14T20:00:01.637",
"references": [
{
"source": "cve@mitre.org",
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "cve@mitre.org",
"url": "http://labs.mudynamics.com/advisories/MU-200809-01.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31963"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31291"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020903"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.mudynamics.com/advisories/MU-200809-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-07 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | strongswan | * | |
| strongswan | strongswan | * | |
| strongswan | strongswan | 5.0.0 | |
| strongswan | strongswan | 5.0.1 | |
| strongswan | strongswan | 5.0.2 | |
| strongswan | strongswan | 5.0.3 | |
| strongswan | strongswan | 5.0.4 | |
| strongswan | strongswan | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DE40C-87A3-4C52-B73D-01407FD05393",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7EC837-06D0-4740-B197-F8BDF150E221",
"versionEndIncluding": "5.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload."
},
{
"lang": "es",
"value": "strongSwan en versiones anteriores a 5.1.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero null y una ca\u00edda del demonio IKE) a trav\u00e9s de un payload IDER_ASN1_DN ID manipulado."
}
],
"evaluatorImpact": "Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html\n\n\"Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1. The latest release (5.1.3) is not affected.\"",
"id": "CVE-2014-2891",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-07T10:55:06.820",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59864"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2922"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67212"
},
{
"source": "cve@mitre.org",
"url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-10 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan_vpn_client:*:*:*:*:*:android:*:*",
"matchCriteriaId": "34E0AF79-82E6-40E6-B2B4-355AE251BB6B",
"versionEndIncluding": "1.4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA544693-EE26-47A9-9EA2-5CA2AE17E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2A1F50-F88A-4601-9DAB-BD47BE0E7750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC48CDA-33DB-42E3-AEC7-431C62055E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0C952A-B468-4224-B871-D55B5E6D4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1BE2B5-44E6-49C1-B030-58195ACC12CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEBF7AF-DC11-4F1A-BE21-236A39D94106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "619B246C-CCB8-4EAC-A992-724A9E56E8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDA9786-AA47-405A-9E76-4D9B69151D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB32E0A3-A72A-4940-A265-ED4896F6A60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C944A53-DF8C-4A86-95D0-A1035571E2FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
},
{
"lang": "es",
"value": "strongSwan 4.3.0 hasta 5.x anterior a 5.3.2 y strongSwan VPN Client anterior a 1.4.6, cuando utiliza claves EAP o precompartidas para la autenticaci\u00f3n de una conexi\u00f3n IKEv2, no refuerza las restricciones de autenticaci\u00f3n de servidores hasta que el proceso de autenticaci\u00f3n entero se haya completado, lo que permite a servidores remotos obtener credenciales mediante el uso de un certificado v\u00e1lido y posteriormente la lectura de las respuestas."
}
],
"id": "CVE-2015-4171",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-10T18:59:09.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74933"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032514"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-08 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3866 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/98756 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/USN-3301-1 | Third Party Advisory | |
| cve@mitre.org | https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3866 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98756 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3301-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86691AB7-BE63-4BD7-B6EB-B0E063BE7775",
"versionEndIncluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate."
},
{
"lang": "es",
"value": "El analizador ASN.1 en strongSwan anterior a versi\u00f3n 5.5.3, maneja inapropiadamente los tipos CHOICE cuando el plugin x509 est\u00e1 habilitado, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un certificado dise\u00f1ado."
}
],
"id": "CVE-2017-9023",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-08T16:29:00.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98756"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-31 06:15
Modified
2025-05-06 19:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 22.04 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 37 | |
| stormshield | stormshield_network_security | * | |
| stormshield | stormshield_network_security | * | |
| stormshield | stormshield_network_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6606A3-0C2E-4BBE-BEAD-214B004B17EC",
"versionEndExcluding": "5.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17D344D-BE32-4DA3-A30B-B5DF3C6405BC",
"versionEndExcluding": "3.11.20",
"versionStartIncluding": "3.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72AE8F-12E1-4A53-9815-4555F01BD3B9",
"versionEndExcluding": "4.3.15",
"versionStartIncluding": "4.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A20ADA-5494-44EE-BFBC-E267C4A7A96A",
"versionEndExcluding": "4.6.0",
"versionStartIncluding": "4.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data."
},
{
"lang": "es",
"value": "strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio en el complemento de revocaci\u00f3n enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada despu\u00e9s del protocolo de enlace TCP inicial o env\u00eda una cantidad excesiva de datos de la aplicaci\u00f3n.\n"
}
],
"id": "CVE-2022-40617",
"lastModified": "2025-05-06T19:15:56.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-31T06:15:09.887",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-31 08:15
Modified
2024-11-21 06:31
Severity ?
Summary
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 9.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11ABD44E-341F-4096-A2C2-71AD332501E6",
"versionEndExcluding": "5.9.5",
"versionStartIncluding": "4.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C30C1AC-01E4-4D7C-B03A-8EEEF3FC8C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication."
},
{
"lang": "es",
"value": "En strongSwan versiones anteriores a 5.9.5, un respondedor malicioso puede enviar un mensaje EAP-Success demasiado pronto sin autenticar realmente al cliente y (en el caso de los m\u00e9todos EAP con autenticaci\u00f3n mutua y autenticaci\u00f3n s\u00f3lo EAP para IKEv2) incluso sin autenticaci\u00f3n del servidor"
}
],
"id": "CVE-2021-45079",
"lastModified": "2024-11-21T06:31:54.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-31T08:15:07.307",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-01 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "339E325D-B76C-400C-B332-7CA675C4F72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "F90373CD-E5C7-46BE-8C5F-22D3DE12A3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C12F9-A14F-4BC5-A2CC-18DADE8454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C78E4DAD-B255-4666-927F-D82AC7396FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B602806-1420-4640-AD17-A2FEFDA6A967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A203ADA7-54C9-4F37-A254-0A5378BB9B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D09EEB6-386C-4A73-BC08-4243BDC49EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE3B5F4-063F-4AE9-B589-932751182101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD8D5D-7FB7-4B25-B1F2-7850348A6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24F75943-1327-4868-88D5-917D06BCF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BE9083-EF34-4B1A-A139-E779E9704F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F654D3C4-D3A3-41E1-A0D8-3A384319AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*",
"matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*",
"matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*",
"matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B24C96-47DF-4FA2-8DF4-8241F4964F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A5067B83-AB9E-4819-B5A2-B14A96EB54C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "773B9BB2-0F65-4604-AF2C-8AC396DDC094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AA892169-0079-48D9-AEF5-641748CE1BF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD."
},
{
"lang": "es",
"value": "El demonio IKE pluto de Openswan y Strongswan IPsec v2.6 anterior a v2.6.21 y v2.4 anterior a v2.4.14, y Strongswan v4.2 anterior a v4.2.14 y v2.8 anteior a v2.8.9; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio y reinicio) a trav\u00e9s de (1) R_U_THERE o (2) R_U_THERE_ACK Detecci\u00f3n de pares muertos (Dead Peer Detection -DPD) mensaje de Notificaci\u00f3n IKE IPsec que provoca una referencia a puntero nulo relacionado con el estado inconsistente ISAKMP y la falta de un estado de asociacion phase2 en DPD."
}
],
"id": "CVE-2009-0790",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-01T10:30:00.267",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34472"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34483"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34494"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34546"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1760"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/502270/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34296"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021949"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021950"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/0886"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49523"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502270/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-08 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6739FBA-95D4-4C8F-B320-F27856A4D832",
"versionEndIncluding": "4.2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60B8687-A72A-4AF6-BDE9-795A1AC2F98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5EA677-BC73-4139-BF09-ADE65C2502A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68B10EB8-0A5B-4C63-9A7D-2F034C286E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13A264-EA51-4B92-B102-5316E45DB32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "406E1E6C-EA61-4FB8-9B0F-CE823046B09E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F31D56AC-D037-42AE-B70F-C7700929DDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3A15C-122A-4564-A2E3-CB0E7C314797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6806075C-2433-4CCB-919B-27979C79C8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3809AE25-E840-4DB3-879E-F678305EC11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "959DA882-CC63-45F7-BF08-55F38DD8E999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9313C88D-1C24-4623-87B4-ECA8285E28A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08474171-A617-4163-BEAD-AA14F53A2BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5516113A-F0F6-478F-95F7-9B4FB2DC68B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5E9376-3ED9-4A3D-83CE-7E1725F8F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BFC4CB-91E9-4181-A390-F0CE0D12EE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "339E325D-B76C-400C-B332-7CA675C4F72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "F90373CD-E5C7-46BE-8C5F-22D3DE12A3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C12F9-A14F-4BC5-A2CC-18DADE8454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C78E4DAD-B255-4666-927F-D82AC7396FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B602806-1420-4640-AD17-A2FEFDA6A967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A203ADA7-54C9-4F37-A254-0A5378BB9B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1C417F-C18A-4902-B409-09DD023974B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235DBD81-E542-4FF7-A620-1872DC81D618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "489F9DFA-5B24-4206-A306-0BAE849C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "382D76A4-C2C6-4C1C-A0C0-757C372154DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD021C-FDAC-4938-9390-D455577D30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B1AC8-4C97-49B8-B82B-6F2FF295FDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A977F561-D324-48EA-BAC5-66920F6BD584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD1B4B-E11F-46D0-A7AE-5E0749F6E216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D09EEB6-386C-4A73-BC08-4243BDC49EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE3B5F4-063F-4AE9-B589-932751182101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD8D5D-7FB7-4B25-B1F2-7850348A6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24F75943-1327-4868-88D5-917D06BCF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BE9083-EF34-4B1A-A139-E779E9704F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC07651-4412-40B7-A6C2-9CBCC010CBE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0D725F-4161-45BA-B1CE-99C2A75B7220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0050370A-4CF0-4772-B287-DD05C5827E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64C5AB11-3B59-4677-B544-28A22C413C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E595C454-4456-477A-BE51-75CEAB547E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A40E983-4721-48FF-9EFB-702BA78DCB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7FA4C-69EE-4225-99FF-0EAB4A6C0049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDF25EB-5509-4D79-8D26-A1CA1092089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A558368F-D9B1-49DF-A64F-95909A4EE7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74348E15-FF47-4B4D-B062-2EAE3141C84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90985506-224F-4AE2-899E-93CA64025396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3386A9-3740-4861-84B0-AAAC5C01378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E823F7-7162-440E-A113-7B1F437BF508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1DEE61-13CB-4810-81B6-2AEBF13619CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D82E08-D6BF-41E3-9C3D-52552C8753CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF06C431-DE35-4CCD-9DCE-ED9EE6A17464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C826191-A68F-4E02-945B-73F35AA580F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A316AF53-7E95-4E4F-8E50-22145F144CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3F068-778E-4BB7-AB22-368714BE1BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96330C24-C1AB-4B00-A3CC-5CCD291E0069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF630C7-2AAB-4106-BAC9-AAE6FF278E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58206E-3086-45AC-91B6-032EF55D5552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector."
},
{
"lang": "es",
"value": "charon/sa/tasks/child_create.c en el demonio charon en strongSWAN anteriores a v4.3.1 conmuta el test NULL por cargas destructivas TSi y TSr, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n IKE__AUTH sin un (1) TSi o (2) un selector de tr\u00e1fico TSr."
}
],
"id": "CVE-2009-1958",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-08T01:00:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35296"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"source": "cve@mitre.org",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-03 20:29
Modified
2024-11-21 03:54
Severity ?
Summary
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9B1A12-FB3B-4091-BA63-29DE05E6F627",
"versionEndExcluding": "5.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate."
},
{
"lang": "es",
"value": "El plugin gmp en strongSwan en versiones anteriores a la 5.7.1 tiene un desbordamiento de b\u00fafer mediante un certificado manipulado."
}
],
"id": "CVE-2018-17540",
"lastModified": "2024-11-21T03:54:34.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-03T20:29:09.990",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3774-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4309"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3774-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-20 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.3.0 | |
| strongswan | strongswan | 4.3.1 | |
| strongswan | strongswan | 4.3.2 | |
| strongswan | strongswan | 4.3.3 | |
| strongswan | strongswan | 4.3.4 | |
| strongswan | strongswan | 4.3.5 | |
| strongswan | strongswan | 4.3.6 | |
| strongswan | strongswan | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows."
},
{
"lang": "es",
"value": "El demonio IKE en strongSwan v4.3.x anterior a v4.3.7 y v4.4.x anterior a v4.4.1 no comprueba adecuadamente el valor devuelto de la llamada snprintf, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) certificado o (2) datos de identidad manipulados, que desencadenan un debordamiento de b\u00fafer"
}
],
"id": "CVE-2010-2628",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-20T18:00:02.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40956"
},
{
"source": "cve@mitre.org",
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/42444"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024338"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2085"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/2086"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/615915"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/42444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/615915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-19 21:29
Modified
2024-11-21 03:42
Severity ?
Summary
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| fedoraproject | fedora | 28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18A23C84-CF97-47A7-BC84-59F4B0BF3093",
"versionEndExcluding": "5.6.3",
"versionStartIncluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable."
},
{
"lang": "es",
"value": "strongSwan, en versiones 5.6.0 y anteriores, permite una denegaci\u00f3n de servicio (DoS) remota debido a la falta de inicializaci\u00f3n de una variable."
}
],
"id": "CVE-2018-10811",
"lastModified": "2024-11-21T03:42:04.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-19T21:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.strongswan.org/security/CVE-2018-10811/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.strongswan.org/security/CVE-2018-10811/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-28 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.1.11 | |
| strongswan | strongswan | 5.0.0 | |
| strongswan | strongswan | 5.0.1 | |
| strongswan | strongswan | 5.0.2 | |
| strongswan | strongswan | 5.0.3 | |
| strongswan | strongswan | 5.0.4 | |
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow."
},
{
"lang": "es",
"value": "La funci\u00f3n is_asn1 en strongSwan v4.1.11 hasta v5.0.4 no valida correctamente el valor de retorno de la funci\u00f3n asn1_length, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de (1) nombre de usuario XAuth, (2) identidad EAP, o (3) la codificaci\u00f3n PEM de un fichero que comienza con los caracteres \"0x04, 0x30, o 0x31\" seguidos por un valor de tama\u00f1o ASN.1 que dispara un desbordamiento de enteros."
}
],
"id": "CVE-2013-5018",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T23:55:10.650",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54315"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54524"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61564"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-20 15:29
Modified
2024-11-21 04:10
Severity ?
Summary
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 5.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3194B-4877-499C-B83F-FC95964C78ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter."
},
{
"lang": "es",
"value": "La funci\u00f3n rsa_pss_params_parse en libstrongswan/credentials/keys/signature_params.c en strong permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante una firma RSASSA-PSS manipulada que carece de un par\u00e1metro de funci\u00f3n de generaci\u00f3n de m\u00e1scaras."
}
],
"id": "CVE-2018-6459",
"lastModified": "2024-11-21T04:10:42.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-20T15:29:00.430",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-%28cve-2018-6459%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-%28cve-2018-6459%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:18
Severity ?
Summary
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libreswan | libreswan | * | |
| strongswan | strongswan | * | |
| xelerance | openswan | * | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03762F60-C5B0-4D4C-95E1-9D6BDA7A2C0B",
"versionEndExcluding": "3.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "489C88AB-FD16-4BBD-9915-906B88F9A9E5",
"versionEndExcluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xelerance:openswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06958DB5-E8C3-4446-B3CF-D1D7B58B4CE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que est\u00e1n cifrados y protegidos por integridad utilizando las claves de integridad y cifrado IKE SA establecidas, pero como receptor, el valor de verificaci\u00f3n de integridad no se verific\u00f3. Este problema afecta a las versiones anteriores a 3.29."
}
],
"id": "CVE-2019-10155",
"lastModified": "2024-11-21T04:18:32.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-12T14:29:02.917",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3391"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://libreswan.org/security/CVE-2019-10155/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://libreswan.org/security/CVE-2019-10155/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-16 18:37
Modified
2025-04-12 10:46
Severity ?
Summary
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90985506-224F-4AE2-899E-93CA64025396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3386A9-3740-4861-84B0-AAAC5C01378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E823F7-7162-440E-A113-7B1F437BF508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1DEE61-13CB-4810-81B6-2AEBF13619CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D82E08-D6BF-41E3-9C3D-52552C8753CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF06C431-DE35-4CCD-9DCE-ED9EE6A17464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C826191-A68F-4E02-945B-73F35AA580F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A316AF53-7E95-4E4F-8E50-22145F144CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3F068-778E-4BB7-AB22-368714BE1BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96330C24-C1AB-4B00-A3CC-5CCD291E0069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF630C7-2AAB-4106-BAC9-AAE6FF278E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58206E-3086-45AC-91B6-032EF55D5552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F654D3C4-D3A3-41E1-A0D8-3A384319AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA544693-EE26-47A9-9EA2-5CA2AE17E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2A1F50-F88A-4601-9DAB-BD47BE0E7750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC48CDA-33DB-42E3-AEC7-431C62055E6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established."
},
{
"lang": "es",
"value": "IKEv2 en strongSwan 4.0.7 anterior a 5.1.3 permite a atacantes remotos evadir autenticaci\u00f3n mediante la recodificaci\u00f3n de un IKE_SA durante (1) iniciaci\u00f3n o (2) re-autenticaci\u00f3n, lo que provoca el estado de IKE_SA sea configurado como establecido."
}
],
"id": "CVE-2014-2338",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-16T18:37:14.240",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/57823"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2903"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66815"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-18 14:15
Modified
2024-11-21 06:27
Severity ?
Summary
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C846D49A-DAB8-4A9D-8F5D-C2DE8514BD13",
"versionEndExcluding": "5.9.4",
"versionStartIncluding": "5.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk6108-4am00-2ba2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD2C58F-144D-4E04-9D4C-2F2A4698FF5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk6108-4am00-2ba2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF17A4F6-6057-4A37-87E7-9BCADD629FF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk6108-4am00-2da2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69F6F1C-C623-42DB-B4E5-81C29F8273C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk6108-4am00-2da2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6F2102-116D-4488-9FEC-2A97DC6C5964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5804-0ap00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35EC73B8-B260-4F0E-A14E-333706FDD8BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5804-0ap00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB76E7F-193D-4AFA-A820-A3D93D1AAA32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5812-1aa00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE42F585-4318-4726-BF5A-286EE846EB17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5812-1aa00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "374B9F0F-D572-4CB3-8A8C-778AE405E4FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5812-1ba00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD1DFFA-790E-4D92-A8D8-70E784DB4997",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5812-1ba00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A8BB09-B2DC-4F09-A051-FC1ACCA76627",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5816-1aa00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35CFC5E6-B755-46E1-A115-8A6EFCDAFF09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5816-1aa00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A090F9-63B9-4C02-8FF5-91A99231434A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5816-1ba00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53740F7-54A1-480D-9271-ECF8D0CB067C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5816-1ba00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FC0649-5A59-47C3-92F8-22A27EA08495",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5826-2ab00-2ab2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068C6894-26DB-49B4-8F6B-1CF647AC6370",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5826-2ab00-2ab2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58C61EFF-461A-4FA0-B851-4B838FC9762F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5874-2aa00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B842C1-A4AC-402C-ADAE-64DB4B2D40A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5874-2aa00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7267C4-1486-49AF-B5F9-2A40DC285E86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5874-3aa00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B331C5C-F77B-4892-8CFD-7F24882EA3A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5874-3aa00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B82271D5-62F9-4483-A199-AB306F560E70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5876-3aa02-2ba2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "798171AF-C325-4F47-8524-BF1B80C7E6E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5876-3aa02-2ba2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFD5B12-FE85-432D-9169-657E8CA7FDB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5876-3aa02-2ea2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "315AC6E8-FAE5-4FB3-8326-AD224DF63841",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5876-3aa02-2ea2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F55773A9-F64F-4365-8249-B1500C809D63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5876-4aa00-2ba2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533B1922-AD4E-4AD6-9A82-202300FE2C68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5876-4aa00-2ba2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8040F274-DC42-466F-B13A-4DEA36B351DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5876-4aa00-2da2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1364CC7A-BA04-405B-B8C2-AE6DDC90B746",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5876-4aa00-2da2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D28BCB70-1DA2-4C1D-8FA5-B7242163C3DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5856-2ea00-3da1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C39484-B251-47FD-AFA2-0480BB95A265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5856-2ea00-3da1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59C631-F68B-4BB1-ACF1-BDE034214B20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5856-2ea00-3aa1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "032A3ABF-C39E-4786-9D57-CE14601B2F34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5856-2ea00-3aa1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3CE8D68-CCE8-49E8-8229-5D64E5F7C67B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:6gk5615-0aa00-2aa2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49D07F00-C689-4B82-A4BA-51A39CE92A87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:6gk5615-0aa00-2aa2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF189379-EA02-4FCE-8E85-51C7CFD1674C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur."
},
{
"lang": "es",
"value": "El plugin gmp en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto por medio de un certificado dise\u00f1ado con una firma RSASSA-PSS. Por ejemplo, esto puede ser desencadenado por un certificado de CA autofirmado no relacionado enviado por un iniciador. Una ejecuci\u00f3n de c\u00f3digo remota no puede ocurrir"
}
],
"id": "CVE-2021-41990",
"lastModified": "2024-11-21T06:27:01.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T14:15:10.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41990%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41990%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-15 00:15
Modified
2025-02-07 22:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 5.9.8 | |
| strongswan | strongswan | 5.9.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "482D37B7-BF04-40BB-B0BB-6DCA3F73BC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.9.9:-:*:*:*:*:*:*",
"matchCriteriaId": "F93C7004-3899-4267-BFF0-9171A9C905E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named \"public\" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10."
}
],
"id": "CVE-2023-26463",
"lastModified": "2025-02-07T22:15:12.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-15T00:15:07.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20230517-0010/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230517-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
},
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
},
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-09 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A60B8687-A72A-4AF6-BDE9-795A1AC2F98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5EA677-BC73-4139-BF09-ADE65C2502A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68B10EB8-0A5B-4C63-9A7D-2F034C286E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13A264-EA51-4B92-B102-5316E45DB32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "406E1E6C-EA61-4FB8-9B0F-CE823046B09E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F31D56AC-D037-42AE-B70F-C7700929DDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43A3A15C-122A-4564-A2E3-CB0E7C314797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6806075C-2433-4CCB-919B-27979C79C8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3809AE25-E840-4DB3-879E-F678305EC11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5516113A-F0F6-478F-95F7-9B4FB2DC68B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5E9376-3ED9-4A3D-83CE-7E1725F8F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BFC4CB-91E9-4181-A390-F0CE0D12EE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE2E919-CF9E-4384-B1C4-CB4DB85EE040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "339E325D-B76C-400C-B332-7CA675C4F72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "F90373CD-E5C7-46BE-8C5F-22D3DE12A3E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C12F9-A14F-4BC5-A2CC-18DADE8454C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C78E4DAD-B255-4666-927F-D82AC7396FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B602806-1420-4640-AD17-A2FEFDA6A967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A203ADA7-54C9-4F37-A254-0A5378BB9B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1C417F-C18A-4902-B409-09DD023974B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235DBD81-E542-4FF7-A620-1872DC81D618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "489F9DFA-5B24-4206-A306-0BAE849C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "382D76A4-C2C6-4C1C-A0C0-757C372154DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BD021C-FDAC-4938-9390-D455577D30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B1AC8-4C97-49B8-B82B-6F2FF295FDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A977F561-D324-48EA-BAC5-66920F6BD584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD1B4B-E11F-46D0-A7AE-5E0749F6E216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CD443-090C-4D79-9FF9-DB0C54934A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D09EEB6-386C-4A73-BC08-4243BDC49EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE3B5F4-063F-4AE9-B589-932751182101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD8D5D-7FB7-4B25-B1F2-7850348A6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24F75943-1327-4868-88D5-917D06BCF5E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BE9083-EF34-4B1A-A139-E779E9704F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4111C610-6CF2-437F-A2C5-90C8C2A2F6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC07651-4412-40B7-A6C2-9CBCC010CBE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0D725F-4161-45BA-B1CE-99C2A75B7220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5434EB-B75D-44DC-9BDD-D7AB467EE5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0050370A-4CF0-4772-B287-DD05C5827E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04C91A61-89D8-460C-9C13-E5B955D31D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3E7043-98F2-4913-9433-B8D2AA91BD8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15D8F2A6-15E9-4D41-A379-A9828C88BF75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "02A38BCE-66F9-49F9-8C48-DB3DA9E7054D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18EB62-1042-4F26-9EC3-B7EEA2182716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1A19BDC1-8E74-4B9E-9485-78DCE53E95F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64C5AB11-3B59-4677-B544-28A22C413C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E595C454-4456-477A-BE51-75CEAB547E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A40E983-4721-48FF-9EFB-702BA78DCB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59E7FA4C-69EE-4225-99FF-0EAB4A6C0049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDF25EB-5509-4D79-8D26-A1CA1092089E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A558368F-D9B1-49DF-A64F-95909A4EE7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74348E15-FF47-4B4D-B062-2EAE3141C84F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "90985506-224F-4AE2-899E-93CA64025396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C89C6007-3A8D-427D-8BE3-047DD52DE196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3386A9-3740-4861-84B0-AAAC5C01378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E823F7-7162-440E-A113-7B1F437BF508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1DEE61-13CB-4810-81B6-2AEBF13619CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D82E08-D6BF-41E3-9C3D-52552C8753CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF06C431-DE35-4CCD-9DCE-ED9EE6A17464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C826191-A68F-4E02-945B-73F35AA580F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A316AF53-7E95-4E4F-8E50-22145F144CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D3F068-778E-4BB7-AB22-368714BE1BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "96330C24-C1AB-4B00-A3CC-5CCD291E0069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF630C7-2AAB-4106-BAC9-AAE6FF278E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF58206E-3086-45AC-91B6-032EF55D5552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95A8E226-FCEC-4545-A628-24F5A8103BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B944D80-A8B9-4034-A95B-BA92ADC8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5267BCC-A51C-4F3B-840C-49EF9C2A15F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDCDB4B-2DF5-4394-B33A-08A4B6604D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "66206A52-373C-4DBB-A3D7-2A7569C0181E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F654D3C4-D3A3-41E1-A0D8-3A384319AE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en la funci\u00f3n atodn en strongSwan v2.0.0 hasta v4.3.4, cuando est\u00e1 activada \"Opportunistic Encryption\" y se usa una clave RSA, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida del demonio IKE) y posiblemente ejecutar c\u00f3digo a trav\u00e9s de registros DNS TXT. NOTA: esta podr\u00eda ser la misma vulnerabilidad que CVE-2013-2053 y CVE-2013-2054."
}
],
"id": "CVE-2013-2054",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-09T17:55:01.060",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59837"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-02 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.3.3 | |
| strongswan | strongswan | 4.3.4 | |
| strongswan | strongswan | 4.3.5 | |
| strongswan | strongswan | 4.3.6 | |
| strongswan | strongswan | 4.3.7 | |
| strongswan | strongswan | 4.4.0 | |
| strongswan | strongswan | 4.4.1 | |
| strongswan | strongswan | 4.5.0 | |
| strongswan | strongswan | 4.5.1 | |
| strongswan | strongswan | 4.5.2 | |
| strongswan | strongswan | 4.5.3 | |
| strongswan | strongswan | 4.6.0 | |
| strongswan | strongswan | 4.6.1 | |
| strongswan | strongswan | 4.6.2 | |
| strongswan | strongswan | 4.6.3 | |
| strongswan | strongswan | 4.6.4 | |
| strongswan | strongswan | 5.0.0 | |
| strongswan | strongswan | 5.0.1 | |
| strongswan | strongswan | 5.0.2 | |
| strongswan | strongswan | 5.0.3 | |
| strongswan | strongswan | 5.0.4 | |
| strongswan | strongswan | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA544693-EE26-47A9-9EA2-5CA2AE17E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an \"insufficient length check\" during identity comparison."
},
{
"lang": "es",
"value": "La funci\u00f3n compare_dn en utils/identification.c en strongSwan 4.3.3 hasta la versi\u00f3n 5.1.1 permite (1) a atacantes remotos provocar una denegaci\u00f3n de servicio (leer fuera de los l\u00edmites, referencia a un puntero NULL, y la ca\u00edda del demonio) o (2) usuarios remotos autenticados suplantar a usuarios arbitrarios y evitar las restricciones de acceso a trav\u00e9s de un ID ID_DER_ASN1_DN elaborado, relacionado con un \"insufficient length check\" en comparaci\u00f3n de identidad."
}
],
"evaluatorComment": "Per http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html\n\n\u0027Affected are strongSwan versions 4.3.3 and newer, up to 5.1.0.\u0027",
"id": "CVE-2013-6075",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-02T18:55:03.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2789"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-18 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA544693-EE26-47A9-9EA2-5CA2AE17E387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "278AB378-33D0-449D-8578-B537B4D28C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2A1F50-F88A-4601-9DAB-BD47BE0E7750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC48CDA-33DB-42E3-AEC7-431C62055E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0C952A-B468-4224-B871-D55B5E6D4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1BE2B5-44E6-49C1-B030-58195ACC12CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEBF7AF-DC11-4F1A-BE21-236A39D94106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "619B246C-CCB8-4EAC-A992-724A9E56E8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDA9786-AA47-405A-9E76-4D9B69151D1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB32E0A3-A72A-4940-A265-ED4896F6A60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C944A53-DF8C-4A86-95D0-A1035571E2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C675D50-A320-487F-BD45-CD4C7F181130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF45828-9EE6-49B0-A038-AC40B2506818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del servidor del protocolo EAP-MSCHAPv2 en el plugin eap-mschapv2 en strongSwan 4.2.12 hasta la versi\u00f3n 5.x en versiones anteriores a 5.3.4 no valida adecuadamente el estado local, lo que permite a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de un mensaje Success vac\u00edo en respuesta a un mensaje Challenge inicial."
}
],
"id": "CVE-2015-8023",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-18T16:59:07.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3398"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/84947"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2811-1"
},
{
"source": "cve@mitre.org",
"url": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/84947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2811-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-31 13:29
Modified
2024-11-21 04:08
Severity ?
Summary
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8602ED39-DA1E-487C-B509-E3546D48728C",
"versionEndExcluding": "5.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."
},
{
"lang": "es",
"value": "En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podr\u00eda permitir un desbordamiento del b\u00fafer, lo que puede conducir al agotamiento del recurso y a la denegaci\u00f3n de servicio mientras se lee desde el socket."
}
],
"id": "CVE-2018-5388",
"lastModified": "2024-11-21T04:08:43.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-31T13:29:00.220",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "cret@cert.org",
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"source": "cret@cert.org",
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-124"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-07 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| strongswan | strongswan | 4.5.0 | |
| strongswan | strongswan | 4.5.1 | |
| strongswan | strongswan | 4.5.2 | |
| strongswan | strongswan | 4.5.3 | |
| strongswan | strongswan | 4.6.0 | |
| strongswan | strongswan | 4.6.1 | |
| strongswan | strongswan | 4.6.2 | |
| strongswan | strongswan | 4.6.3 | |
| strongswan | strongswan | 4.6.4 | |
| strongswan | strongswan | 5.0.0 | |
| strongswan | strongswan | 5.0.1 | |
| strongswan | strongswan | 5.0.2 | |
| strongswan | strongswan | 5.0.3 | |
| strongswan | strongswan | 5.0.4 | |
| strongswan | strongswan | 5.1.0 | |
| strongswan | strongswan | 5.1.1 | |
| strongswan | strongswan | 5.1.2 | |
| strongswan | strongswan | 5.1.3 | |
| strongswan | strongswan | 5.2.0 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| fedoraproject | fedora | 21 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B465A7-9C74-411B-B65A-892BED6FBD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D84EEB7-9900-4765-A1AD-B005618ACEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89057C10-2C55-45CB-8497-40E27EAED297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8A9FCA-801F-4320-A3EA-F3EA952F47A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7350416E-359D-45F4-A3AC-1CF7E6EC7ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A022A5-6DDA-4B4C-8354-935F9D99BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73AED6DF-50C7-49DE-A9CA-A5AB519B4832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDCDDFD-E4ED-436F-A8AD-B218CC5790D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1650266B-7975-4ADB-8E7F-A2854ED27CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0973151D-E7F0-4F3D-B2AD-62486C27DFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A2A1F50-F88A-4601-9DAB-BD47BE0E7750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC48CDA-33DB-42E3-AEC7-431C62055E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0C952A-B468-4224-B871-D55B5E6D4164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strongswan:strongswan:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1BE2B5-44E6-49C1-B030-58195ACC12CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025."
},
{
"lang": "es",
"value": "strongSwan 4.5.x hasta 5.2.x anterior a 5.2.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero inv\u00e1lido) a trav\u00e9s de un mensaje IKEv2 Key Exchange (KE) manipulado con el grupo Diffie-Hellman (DH) 1025."
}
],
"id": "CVE-2014-9221",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-07T19:59:01.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62071"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62083"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62095"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62663"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3118"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71894"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2450-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/62663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2450-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-4967 (GCVE-0-2022-4967)
Vulnerability from cvelistv5
Published
2024-05-13 12:09
Modified
2025-02-13 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strongSwan | strongSwan |
Version: 5.9.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:10:42.421746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:33.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "strongswan",
"platforms": [
"Linux"
],
"product": "strongSwan",
"repo": "https://github.com/strongswan/strongswan",
"vendor": "strongSwan",
"versions": [
{
"lessThan": "5.9.6",
"status": "affected",
"version": "5.9.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jan Schermer"
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client\u0027s certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-297",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T13:06:08.293Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-4967",
"datePublished": "2024-05-13T12:09:19.104Z",
"dateReserved": "2024-04-19T18:02:23.578Z",
"dateUpdated": "2025-02-13T16:38:39.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0590 (GCVE-0-2004-0590)
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2004:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openswan.org/support/vuln/can-2004-0590/"
},
{
"name": "GLSA-200406-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-20.xml"
},
{
"name": "ipsec-verifyx509cert-auth-bypass(16515)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2004:070",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openswan.org/support/vuln/can-2004-0590/"
},
{
"name": "GLSA-200406-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200406-20.xml"
},
{
"name": "ipsec-verifyx509cert-auth-bypass(16515)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2004:070",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"
},
{
"name": "http://www.openswan.org/support/vuln/can-2004-0590/",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/support/vuln/can-2004-0590/"
},
{
"name": "GLSA-200406-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-20.xml"
},
{
"name": "ipsec-verifyx509cert-auth-bypass(16515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0590",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-23T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17540 (GCVE-0-2018-17540)
Vulnerability from cvelistv5
Published
2018-10-03 20:00
Modified
2024-08-05 10:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:09.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4309",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4309"
},
{
"name": "[debian-lts-announce] 20181002 [SECURITY] [DLA 1528-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.html"
},
{
"name": "USN-3774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3774-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T00:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4309",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4309"
},
{
"name": "[debian-lts-announce] 20181002 [SECURITY] [DLA 1528-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.html"
},
{
"name": "USN-3774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3774-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4309",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4309"
},
{
"name": "[debian-lts-announce] 20181002 [SECURITY] [DLA 1528-1] strongswan security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"name": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html"
},
{
"name": "USN-3774-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3774-1/"
},
{
"name": "https://download.strongswan.org/security/CVE-2018-17540/",
"refsource": "CONFIRM",
"url": "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "openSUSE-SU-2019:2594",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17540",
"datePublished": "2018-10-03T20:00:00",
"dateReserved": "2018-09-26T00:00:00",
"dateUpdated": "2024-08-05T10:54:09.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3991 (GCVE-0-2015-3991)
Vulnerability from cvelistv5
Published
2017-09-07 20:00
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5247",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164276.html"
},
{
"name": "FEDORA-2015-5279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164278.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815"
},
{
"name": "76861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-5247",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164276.html"
},
{
"name": "FEDORA-2015-5279",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164278.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815"
},
{
"name": "76861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-5247",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164276.html"
},
{
"name": "FEDORA-2015-5279",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164278.html"
},
{
"name": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222815"
},
{
"name": "76861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3991",
"datePublished": "2017-09-07T20:00:00",
"dateReserved": "2015-05-15T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8023 (GCVE-0-2015-8023)
Vulnerability from cvelistv5
Published
2015-11-18 16:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:2183",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html"
},
{
"name": "openSUSE-SU-2015:2103",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html"
},
{
"name": "84947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84947"
},
{
"name": "DSA-3398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3398"
},
{
"name": "USN-2811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2811-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2015:2183",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html"
},
{
"name": "openSUSE-SU-2015:2103",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html"
},
{
"name": "84947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84947"
},
{
"name": "DSA-3398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3398"
},
{
"name": "USN-2811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2811-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2183",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html"
},
{
"name": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-(cve-2015-8023).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-(cve-2015-8023).html"
},
{
"name": "openSUSE-SU-2015:2103",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html"
},
{
"name": "84947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84947"
},
{
"name": "DSA-3398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3398"
},
{
"name": "USN-2811-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2811-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8023",
"datePublished": "2015-11-18T16:00:00",
"dateReserved": "2015-10-29T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2944 (GCVE-0-2013-2944)
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-06 15:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html"
},
{
"name": "openSUSE-SU-2013:0985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html"
},
{
"name": "DSA-2665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2665"
},
{
"name": "59580",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59580"
},
{
"name": "openSUSE-SU-2013:0774",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html"
},
{
"name": "openSUSE-SU-2013:0873",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-01T18:08:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html"
},
{
"name": "openSUSE-SU-2013:0985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html"
},
{
"name": "DSA-2665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2665"
},
{
"name": "59580",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59580"
},
{
"name": "openSUSE-SU-2013:0774",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html"
},
{
"name": "openSUSE-SU-2013:0873",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-(cve-2013-2944).html",
"refsource": "CONFIRM",
"url": "http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-(cve-2013-2944).html"
},
{
"name": "openSUSE-SU-2013:0985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html"
},
{
"name": "DSA-2665",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2665"
},
{
"name": "59580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59580"
},
{
"name": "openSUSE-SU-2013:0774",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html"
},
{
"name": "openSUSE-SU-2013:0873",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html"
},
{
"name": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch",
"refsource": "MISC",
"url": "http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2944",
"datePublished": "2013-05-02T14:00:00",
"dateReserved": "2013-04-11T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2388 (GCVE-0-2012-2388)
Vulnerability from cvelistv5
Published
2012-06-27 21:00
Modified
2024-08-06 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "strongswan-rsa-security-bypass(76013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76013"
},
{
"name": "1027110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027110"
},
{
"name": "82587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/82587"
},
{
"name": "49336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49336"
},
{
"name": "49315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49315"
},
{
"name": "53752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html"
},
{
"name": "openSUSE-SU-2012:0691",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html"
},
{
"name": "55051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55051"
},
{
"name": "49370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49370"
},
{
"name": "DSA-2483",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka \"RSA signature verification vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "strongswan-rsa-security-bypass(76013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76013"
},
{
"name": "1027110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027110"
},
{
"name": "82587",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/82587"
},
{
"name": "49336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49336"
},
{
"name": "49315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49315"
},
{
"name": "53752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html"
},
{
"name": "openSUSE-SU-2012:0691",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html"
},
{
"name": "55051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55051"
},
{
"name": "49370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49370"
},
{
"name": "DSA-2483",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2483"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2388",
"datePublished": "2012-06-27T21:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2628 (GCVE-0-2010-2628)
Vulnerability from cvelistv5
Published
2010-08-20 17:00
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2086"
},
{
"name": "[opensuse-updates] 20100810 openSUSE-SU-2010:0496-1 (important): strongswan: fixing snprintf overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html"
},
{
"name": "[users] 20100802 ANNOUNCE: strongswan-4.4.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch"
},
{
"name": "ADV-2010-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2085"
},
{
"name": "1024338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch"
},
{
"name": "40956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40956"
},
{
"name": "42444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/615915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-20T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-2086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2086"
},
{
"name": "[opensuse-updates] 20100810 openSUSE-SU-2010:0496-1 (important): strongswan: fixing snprintf overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html"
},
{
"name": "[users] 20100802 ANNOUNCE: strongswan-4.4.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch"
},
{
"name": "ADV-2010-2085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2085"
},
{
"name": "1024338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch"
},
{
"name": "40956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40956"
},
{
"name": "42444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/615915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2086"
},
{
"name": "[opensuse-updates] 20100810 openSUSE-SU-2010:0496-1 (important): strongswan: fixing snprintf overflows",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html"
},
{
"name": "[users] 20100802 ANNOUNCE: strongswan-4.4.1 released",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/users/2010-August/005167.html"
},
{
"name": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch"
},
{
"name": "ADV-2010-2085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2085"
},
{
"name": "1024338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024338"
},
{
"name": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch"
},
{
"name": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch"
},
{
"name": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch"
},
{
"name": "40956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40956"
},
{
"name": "42444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42444"
},
{
"name": "https://bugzilla.novell.com/615915",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/615915"
},
{
"name": "http://trac.strongswan.org/projects/strongswan/wiki/441",
"refsource": "CONFIRM",
"url": "http://trac.strongswan.org/projects/strongswan/wiki/441"
},
{
"name": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2628",
"datePublished": "2010-08-20T17:00:00Z",
"dateReserved": "2010-07-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:32:52.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1958 (GCVE-0-2009-1958)
Vulnerability from cvelistv5
Published
2009-06-06 18:00
Modified
2024-08-07 05:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:19.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"name": "35296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35296"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"name": "35296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35296"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"name": "35296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35296"
},
{
"name": "36922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36922"
},
{
"name": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://download.strongswan.org/CHANGES4.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES4.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1958",
"datePublished": "2009-06-06T18:00:00",
"dateReserved": "2009-06-06T00:00:00",
"dateUpdated": "2024-08-07T05:36:19.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10155 (GCVE-0-2019-10155)
Vulnerability from cvelistv5
Published
2019-06-12 13:51
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| the libreswan Project | libreswan |
Version: 3.29 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://libreswan.org/security/CVE-2019-10155/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
},
{
"name": "FEDORA-2019-f7fb531958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
},
{
"name": "FEDORA-2019-1bd9cfb718",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
},
{
"name": "RHSA-2019:3391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libreswan",
"vendor": "the libreswan Project",
"versions": [
{
"status": "affected",
"version": "3.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:32",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://libreswan.org/security/CVE-2019-10155/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
},
{
"name": "FEDORA-2019-f7fb531958",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
},
{
"name": "FEDORA-2019-1bd9cfb718",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
},
{
"name": "RHSA-2019:3391",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libreswan",
"version": {
"version_data": [
{
"version_value": "3.29"
}
]
}
}
]
},
"vendor_name": "the libreswan Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libreswan.org/security/CVE-2019-10155/",
"refsource": "MISC",
"url": "https://libreswan.org/security/CVE-2019-10155/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
},
{
"name": "FEDORA-2019-f7fb531958",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
},
{
"name": "FEDORA-2019-1bd9cfb718",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
},
{
"name": "RHSA-2019:3391",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10155",
"datePublished": "2019-06-12T13:51:01",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1957 (GCVE-0-2009-1957)
Vulnerability from cvelistv5
Published
2009-06-06 18:00
Modified
2024-08-07 05:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:19.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers \"an incomplete state,\" followed by a CREATE_CHILD_SA request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers \"an incomplete state,\" followed by a CREATE_CHILD_SA request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35296"
},
{
"name": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch"
},
{
"name": "36922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36922"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://download.strongswan.org/CHANGES4.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1957",
"datePublished": "2009-06-06T18:00:00",
"dateReserved": "2009-06-06T00:00:00",
"dateUpdated": "2024-08-07T05:36:19.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6459 (GCVE-0-2018-6459)
Vulnerability from cvelistv5
Published
2018-02-20 15:00
Modified
2024-08-05 06:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-%28cve-2018-6459%29.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T00:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-%28cve-2018-6459%29.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html"
},
{
"name": "openSUSE-SU-2020:0403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6459",
"datePublished": "2018-02-20T15:00:00",
"dateReserved": "2018-01-31T00:00:00",
"dateUpdated": "2024-08-05T06:01:49.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26463 (GCVE-0-2023-26463)
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:52.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230517-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:14:51.626150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T21:16:03.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "unknown",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named \"public\" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T19:06:28.635Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26463",
"datePublished": "2023-04-14T00:00:00.000Z",
"dateReserved": "2023-02-23T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:44:54.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41991 (GCVE-0-2021-41991)
Vulnerability from cvelistv5
Published
2021-10-18 13:44
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"
},
{
"name": "DSA-4989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"name": "FEDORA-2021-0b37146973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T12:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"
},
{
"name": "DSA-4989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"name": "FEDORA-2021-0b37146973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/strongswan/strongswan/releases/tag/5.9.4",
"refsource": "MISC",
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"name": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"
},
{
"name": "DSA-4989",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "[debian-lts-announce] 20211019 [SECURITY] [DLA 2788-1] strongswan security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"name": "FEDORA-2021-0b37146973",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41991",
"datePublished": "2021-10-18T13:44:25",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5388 (GCVE-0-2018-5388)
Vulnerability from cvelistv5
Published
2018-05-31 00:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strongSwan | strongSwan |
Version: 5.6.3 < 5.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#338343",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"name": "104263",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "strongSwan",
"vendor": "strongSwan",
"versions": [
{
"lessThan": "5.6.3",
"status": "affected",
"version": "5.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Kevin Backhouse for reporting this vulnerability."
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#338343",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"name": "104263",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5388",
"datePublished": "2018-05-31T00:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16151 (GCVE-0-2018-16151)
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T00:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4305",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16151",
"datePublished": "2018-09-26T21:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41990 (GCVE-0-2021-41990)
Vulnerability from cvelistv5
Published
2021-10-18 13:44
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41990%29.html"
},
{
"name": "DSA-4989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "FEDORA-2021-0b37146973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T12:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41990%29.html"
},
{
"name": "DSA-4989",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "FEDORA-2021-0b37146973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/strongswan/strongswan/releases/tag/5.9.4",
"refsource": "MISC",
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"name": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html"
},
{
"name": "DSA-4989",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"name": "FEDORA-2021-0b37146973",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/"
},
{
"name": "FEDORA-2021-b3df83339e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
},
{
"name": "FEDORA-2021-95fab6a482",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41990",
"datePublished": "2021-10-18T13:44:50",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5018 (GCVE-0-2013-5018)
Vulnerability from cvelistv5
Published
2013-08-28 17:18
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54315"
},
{
"name": "61564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61564"
},
{
"name": "54524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54524"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
},
{
"name": "openSUSE-SU-2013:1333",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
},
{
"name": "openSUSE-SU-2013:1332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
},
{
"name": "[Users] 20130729 [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
},
{
"name": "openSUSE-SU-2013:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54315"
},
{
"name": "61564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61564"
},
{
"name": "54524",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54524"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
},
{
"name": "openSUSE-SU-2013:1333",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
},
{
"name": "openSUSE-SU-2013:1332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
},
{
"name": "[Users] 20130729 [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
},
{
"name": "openSUSE-SU-2013:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54315"
},
{
"name": "61564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61564"
},
{
"name": "54524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54524"
},
{
"name": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html",
"refsource": "CONFIRM",
"url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
},
{
"name": "openSUSE-SU-2013:1333",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
},
{
"name": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html",
"refsource": "CONFIRM",
"url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
},
{
"name": "openSUSE-SU-2013:1332",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
},
{
"name": "[Users] 20130729 [strongSwan] charon crash right after xauth+rsa client connects (strongswan-5.0.4, ubuntu 12.04)",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
},
{
"name": "openSUSE-SU-2013:1372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5018",
"datePublished": "2013-08-28T17:18:00",
"dateReserved": "2013-07-30T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2054 (GCVE-0-2013-2054)
Vulnerability from cvelistv5
Published
2013-07-09 17:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Swan-announce] 20130514 CVE-2013-2052: Libreswan remote buffer overflow in atodn()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html"
},
{
"name": "59837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-09T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Swan-announce] 20130514 CVE-2013-2052: Libreswan remote buffer overflow in atodn()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html"
},
{
"name": "59837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2054",
"datePublished": "2013-07-09T17:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-08-06T15:20:37.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6075 (GCVE-0-2013-6075)
Vulnerability from cvelistv5
Published
2013-11-02 18:00
Modified
2024-09-16 22:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch"
},
{
"name": "DSA-2789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an \"insufficient length check\" during identity comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch"
},
{
"name": "DSA-2789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an \"insufficient length check\" during identity comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html",
"refsource": "CONFIRM",
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html"
},
{
"name": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch",
"refsource": "MISC",
"url": "http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch"
},
{
"name": "DSA-2789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6075",
"datePublished": "2013-11-02T18:00:00Z",
"dateReserved": "2013-10-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:52:14.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2891 (GCVE-0-2014-2891)
Vulnerability from cvelistv5
Published
2014-05-07 10:00
Modified
2024-08-06 10:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59864"
},
{
"name": "DSA-2922",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2922"
},
{
"name": "67212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67212"
},
{
"name": "openSUSE-SU-2014:0697",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "openSUSE-SU-2014:0700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59864"
},
{
"name": "DSA-2922",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2922"
},
{
"name": "67212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67212"
},
{
"name": "openSUSE-SU-2014:0697",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "openSUSE-SU-2014:0700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59864"
},
{
"name": "DSA-2922",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2922"
},
{
"name": "67212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67212"
},
{
"name": "openSUSE-SU-2014:0697",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "openSUSE-SU-2014:0700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"name": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html",
"refsource": "CONFIRM",
"url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2891",
"datePublished": "2014-05-07T10:00:00",
"dateReserved": "2014-04-17T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4171 (GCVE-0-2015-4171)
Vulnerability from cvelistv5
Published
2015-06-10 18:00
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:03.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
},
{
"name": "openSUSE-SU-2015:1082",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
},
{
"name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
},
{
"name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
},
{
"name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
},
{
"name": "USN-2628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"name": "DSA-3282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"name": "74933",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-07T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1032514",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
},
{
"name": "openSUSE-SU-2015:1082",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
},
{
"name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
},
{
"name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
},
{
"name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
},
{
"name": "USN-2628-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"name": "DSA-3282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"name": "74933",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032514"
},
{
"name": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
},
{
"name": "openSUSE-SU-2015:1082",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
},
{
"name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
},
{
"name": "https://www.suse.com/security/cve/CVE-2015-4171.html",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
},
{
"name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
},
{
"name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
},
{
"name": "https://play.google.com/store/apps/details?id=org.strongswan.android",
"refsource": "CONFIRM",
"url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
},
{
"name": "USN-2628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2628-1"
},
{
"name": "DSA-3282",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3282"
},
{
"name": "74933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74933"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=933591",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4171",
"datePublished": "2015-06-10T18:00:00",
"dateReserved": "2015-06-02T00:00:00",
"dateUpdated": "2024-08-06T06:04:03.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16152 (GCVE-0-2018-16152)
Vulnerability from cvelistv5
Published
2018-09-26 21:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T00:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4305",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html"
},
{
"name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1522-1] strongswan security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"name": "USN-3771-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "openSUSE-SU-2019:2594",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16152",
"datePublished": "2018-09-26T21:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11185 (GCVE-0-2017-11185)
Vulnerability from cvelistv5
Published
2017-08-18 17:00
Modified
2024-08-05 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:58.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100492"
},
{
"name": "DSA-3962",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3962"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100492"
},
{
"name": "DSA-3962",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3962"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100492"
},
{
"name": "DSA-3962",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3962"
},
{
"name": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11185",
"datePublished": "2017-08-18T17:00:00",
"dateReserved": "2017-07-12T00:00:00",
"dateUpdated": "2024-08-05T17:57:58.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45079 (GCVE-0-2021-45079)
Vulnerability from cvelistv5
Published
2022-01-31 07:15
Modified
2024-08-04 04:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-31T07:15:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html",
"refsource": "MISC",
"url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45079",
"datePublished": "2022-01-31T07:15:52",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40617 (GCVE-0-2022-40617)
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2025-05-06 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"
},
{
"name": "FEDORA-2022-525510c815",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T18:29:17.347190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T18:29:51.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"
},
{
"name": "FEDORA-2022-525510c815",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40617",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-09-12T00:00:00.000Z",
"dateUpdated": "2025-05-06T18:29:51.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9221 (GCVE-0-2014-9221)
Vulnerability from cvelistv5
Published
2015-01-07 19:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html"
},
{
"name": "USN-2450-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2450-1"
},
{
"name": "DSA-3118",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3118"
},
{
"name": "62071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62071"
},
{
"name": "FEDORA-2015-3043",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html"
},
{
"name": "62663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62663"
},
{
"name": "openSUSE-SU-2015:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html"
},
{
"name": "62083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62083"
},
{
"name": "71894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html"
},
{
"name": "USN-2450-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2450-1"
},
{
"name": "DSA-3118",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3118"
},
{
"name": "62071",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62071"
},
{
"name": "FEDORA-2015-3043",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html"
},
{
"name": "62663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62663"
},
{
"name": "openSUSE-SU-2015:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html"
},
{
"name": "62083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62083"
},
{
"name": "71894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62095"
},
{
"name": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html",
"refsource": "CONFIRM",
"url": "http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html"
},
{
"name": "USN-2450-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2450-1"
},
{
"name": "DSA-3118",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3118"
},
{
"name": "62071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62071"
},
{
"name": "FEDORA-2015-3043",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html"
},
{
"name": "62663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62663"
},
{
"name": "openSUSE-SU-2015:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html"
},
{
"name": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html",
"refsource": "CONFIRM",
"url": "http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html"
},
{
"name": "62083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62083"
},
{
"name": "71894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9221",
"datePublished": "2015-01-07T19:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41913 (GCVE-0-2023-41913)
Vulnerability from cvelistv5
Published
2023-12-07 00:00
Modified
2025-01-17 20:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-17T20:02:49.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html"
},
{
"name": "FEDORA-2024-6712c699fc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250117-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm\u0027s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T03:06:10.932748",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html"
},
{
"name": "FEDORA-2024-6712c699fc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41913",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-09-05T00:00:00",
"dateUpdated": "2025-01-17T20:02:49.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2185 (GCVE-0-2009-2185)
Vulnerability from cvelistv5
Published
2009-06-24 23:00
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1639"
},
{
"name": "35740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingate.com/Relnote.php?ver=481"
},
{
"name": "1022428",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022428"
},
{
"name": "RHSA-2009:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1138.html"
},
{
"name": "ADV-2009-1706",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1706"
},
{
"name": "oval:org.mitre.oval:def:11079",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079"
},
{
"name": "36950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36950"
},
{
"name": "35522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35522"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "37504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37504"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES42.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES2.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2009/07/up2date_7404_released.html"
},
{
"name": "DSA-1898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1898"
},
{
"name": "ADV-2009-1829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1829"
},
{
"name": "FEDORA-2009-7478",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html"
},
{
"name": "35698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35698"
},
{
"name": "ADV-2009-3354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "FEDORA-2009-7423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html"
},
{
"name": "35804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1639"
},
{
"name": "35740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingate.com/Relnote.php?ver=481"
},
{
"name": "1022428",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022428"
},
{
"name": "RHSA-2009:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1138.html"
},
{
"name": "ADV-2009-1706",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1706"
},
{
"name": "oval:org.mitre.oval:def:11079",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079"
},
{
"name": "36950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36950"
},
{
"name": "35522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35522"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "37504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37504"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES42.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES2.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2009/07/up2date_7404_released.html"
},
{
"name": "DSA-1898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1898"
},
{
"name": "ADV-2009-1829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1829"
},
{
"name": "FEDORA-2009-7478",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html"
},
{
"name": "35698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35698"
},
{
"name": "ADV-2009-3354",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "FEDORA-2009-7423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html"
},
{
"name": "35804",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1639"
},
{
"name": "35740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35740"
},
{
"name": "http://www.ingate.com/Relnote.php?ver=481",
"refsource": "CONFIRM",
"url": "http://www.ingate.com/Relnote.php?ver=481"
},
{
"name": "1022428",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022428"
},
{
"name": "RHSA-2009:1138",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1138.html"
},
{
"name": "ADV-2009-1706",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1706"
},
{
"name": "oval:org.mitre.oval:def:11079",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079"
},
{
"name": "36950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36950"
},
{
"name": "35522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35522"
},
{
"name": "36922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36922"
},
{
"name": "37504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37504"
},
{
"name": "DSA-1899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35452"
},
{
"name": "http://download.strongswan.org/CHANGES42.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES42.txt"
},
{
"name": "http://download.strongswan.org/CHANGES2.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES2.txt"
},
{
"name": "http://up2date.astaro.com/2009/07/up2date_7404_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2009/07/up2date_7404_released.html"
},
{
"name": "DSA-1898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1898"
},
{
"name": "ADV-2009-1829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1829"
},
{
"name": "FEDORA-2009-7478",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html"
},
{
"name": "35698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35698"
},
{
"name": "ADV-2009-3354",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"name": "http://download.strongswan.org/CHANGES4.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "FEDORA-2009-7423",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html"
},
{
"name": "35804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2185",
"datePublished": "2009-06-24T23:00:00",
"dateReserved": "2009-06-24T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10811 (GCVE-0-2018-10811)
Vulnerability from cvelistv5
Published
2018-06-19 21:00
Modified
2024-08-05 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html"
},
{
"name": "FEDORA-2018-0de3edbdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.strongswan.org/security/CVE-2018-10811/"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T00:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html"
},
{
"name": "FEDORA-2018-0de3edbdea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.strongswan.org/security/CVE-2018-10811/"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"name": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html"
},
{
"name": "FEDORA-2018-0de3edbdea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/"
},
{
"name": "https://download.strongswan.org/security/CVE-2018-10811/",
"refsource": "CONFIRM",
"url": "https://download.strongswan.org/security/CVE-2018-10811/"
},
{
"name": "USN-3771-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10811",
"datePublished": "2018-06-19T21:00:00",
"dateReserved": "2018-05-08T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2338 (GCVE-0-2014-2338)
Vulnerability from cvelistv5
Published
2014-04-16 18:00
Modified
2024-08-06 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:0697",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "SUSE-SU-2014:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"name": "DSA-2903",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2903"
},
{
"name": "57823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57823"
},
{
"name": "66815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2014:0697",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "SUSE-SU-2014:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"name": "DSA-2903",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2903"
},
{
"name": "57823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57823"
},
{
"name": "66815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0697",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html"
},
{
"name": "SUSE-SU-2014:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html"
},
{
"name": "DSA-2903",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2903"
},
{
"name": "57823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57823"
},
{
"name": "66815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66815"
},
{
"name": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html",
"refsource": "CONFIRM",
"url": "http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2338",
"datePublished": "2014-04-16T18:00:00",
"dateReserved": "2014-03-12T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2661 (GCVE-0-2009-2661)
Vulnerability from cvelistv5
Published
2009-08-04 16:13
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090727 CVE id request: strongswan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "ADV-2009-2247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"
},
{
"name": "[Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090727 CVE id request: strongswan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "36922",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36922"
},
{
"name": "DSA-1899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "ADV-2009-2247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"
},
{
"name": "[Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090727 CVE id request: strongswan",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"
},
{
"name": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "36922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36922"
},
{
"name": "DSA-1899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "ADV-2009-2247",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2247"
},
{
"name": "http://up2date.astaro.com/2009/08/up2date_7505_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"
},
{
"name": "[Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2661",
"datePublished": "2009-08-04T16:13:00",
"dateReserved": "2009-08-04T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9022 (GCVE-0-2017-9022)
Vulnerability from cvelistv5
Published
2017-06-08 16:00
Modified
2024-08-05 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html"
},
{
"name": "DSA-3866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "98760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98760"
},
{
"name": "USN-3301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-08T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html"
},
{
"name": "DSA-3866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "98760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98760"
},
{
"name": "USN-3301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"
},
{
"name": "DSA-3866",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "98760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98760"
},
{
"name": "USN-3301-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9022",
"datePublished": "2017-06-08T16:00:00",
"dateReserved": "2017-05-16T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9023 (GCVE-0-2017-9023)
Vulnerability from cvelistv5
Published
2017-06-08 16:00
Modified
2024-08-05 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html"
},
{
"name": "DSA-3866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "USN-3301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-08T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html"
},
{
"name": "DSA-3866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "USN-3301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98756"
},
{
"name": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html"
},
{
"name": "DSA-3866",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "USN-3301-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9023",
"datePublished": "2017-06-08T16:00:00",
"dateReserved": "2017-05-16T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0790 (GCVE-0-2009-0790)
Vulnerability from cvelistv5
Published
2009-04-01 10:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openswan-strongswan-dpd-dos(49523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49523"
},
{
"name": "34494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34494"
},
{
"name": "oval:org.mitre.oval:def:11171",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171"
},
{
"name": "34472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34472"
},
{
"name": "DSA-1759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1759"
},
{
"name": "ADV-2009-0886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0886"
},
{
"name": "1021949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021949"
},
{
"name": "34546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34546"
},
{
"name": "20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan \u0026 Strongswan IPsec",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502270/100/0/threaded"
},
{
"name": "34483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt"
},
{
"name": "1021950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "RHSA-2009:0402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html"
},
{
"name": "DSA-1760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1760"
},
{
"name": "34296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34296"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openswan-strongswan-dpd-dos(49523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49523"
},
{
"name": "34494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34494"
},
{
"name": "oval:org.mitre.oval:def:11171",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171"
},
{
"name": "34472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34472"
},
{
"name": "DSA-1759",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1759"
},
{
"name": "ADV-2009-0886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0886"
},
{
"name": "1021949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021949"
},
{
"name": "34546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34546"
},
{
"name": "20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan \u0026 Strongswan IPsec",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502270/100/0/threaded"
},
{
"name": "34483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt"
},
{
"name": "1021950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "RHSA-2009:0402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html"
},
{
"name": "DSA-1760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1760"
},
{
"name": "34296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34296"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0790",
"datePublished": "2009-04-01T10:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6076 (GCVE-0-2013-6076)
Vulnerability from cvelistv5
Published
2013-11-02 18:00
Modified
2024-09-16 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html",
"refsource": "CONFIRM",
"url": "http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6076",
"datePublished": "2013-11-02T18:00:00Z",
"dateReserved": "2013-10-11T00:00:00Z",
"dateUpdated": "2024-09-16T19:46:38.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4551 (GCVE-0-2008-4551)
Vulnerability from cvelistv5
Published
2008-10-14 19:00
Modified
2024-08-07 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2660"
},
{
"name": "1020903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020903"
},
{
"name": "31291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mudynamics.com/advisories/MU-200809-01.txt"
},
{
"name": "31963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2660"
},
{
"name": "1020903",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020903"
},
{
"name": "31291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mudynamics.com/advisories/MU-200809-01.txt"
},
{
"name": "31963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.strongswan.org/CHANGES4.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2660"
},
{
"name": "1020903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020903"
},
{
"name": "31291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31291"
},
{
"name": "http://labs.mudynamics.com/advisories/MU-200809-01.txt",
"refsource": "MISC",
"url": "http://labs.mudynamics.com/advisories/MU-200809-01.txt"
},
{
"name": "31963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31963"
},
{
"name": "http://download.strongswan.org/CHANGES4.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES4.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4551",
"datePublished": "2008-10-14T19:00:00",
"dateReserved": "2008-10-14T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5389 (GCVE-0-2018-5389)
Vulnerability from cvelistv5
Published
2018-09-06 21:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strongSwan | Strongswan |
Version: 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/857035"
},
{
"tags": [
"x_transferred"
],
"url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K42378447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Strongswan",
"vendor": "strongSwan",
"versions": [
{
"status": "affected",
"version": "5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-521 Weak Password Requirements",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T19:08:15.699Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/857035"
},
{
"url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html"
},
{
"url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"
},
{
"url": "https://my.f5.com/manage/s/article/K42378447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2018-5389",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2018-5389"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5389",
"datePublished": "2018-09-06T21:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}