Vulnerabilities for 'Strongswan'

2023-12-07
 
CVE-2023-41913

CWE-120
 

 
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

 
2022-01-31
 
CVE-2021-45079

CWE-287
 

 
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

 
2021-10-18
 
CVE-2021-41990

CWE-190
 

 
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

 
 
CVE-2021-41991

CWE-190
 

 
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

 
2019-06-12
 
CVE-2019-10155

CWE-20
 

 
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but the receiver did not verify the integrity check value. This issue affects versions before 3.29.

 
2018-10-03
 
CVE-2018-17540

CWE-119
 

 
The gmp plugin in strongSwan before 5.7.1 has a buffer overflow via a crafted certificate.

 
2018-09-26
 
CVE-2018-16152

CWE-347
 

 
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

 
 
CVE-2018-16151

CWE-347
 

 
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

 
2018-06-19
 
CVE-2018-10811

CWE-665
 

 
strongSwan 5.6.0 and older allows remote denial of service because of missing initialization of a variable.

 
2018-05-31
 
CVE-2018-5388

CWE-787
 

 
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

 


Copyright 2024, cxsecurity.com

 
