CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 2CVE-2026-25075 – strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
https://notcve.org/view.php?id=CVE-2026-25075
23 Mar 2026 — strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon. Las versiones de strongSwan 4.5.0 anteriores a la 6.0.5 cont... • https://www.strongswan.org/blog/2026/03/23/strongswan-6.0.5-released.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-476: NULL Pointer Dereference •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2026-25998 – strongMan vulnerable to private credential recovery due to key and counter reuse
https://notcve.org/view.php?id=CVE-2026-25998
19 Feb 2026 — strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. • https://github.com/strongswan/strongMan/security/advisories/GHSA-88w4-jv97-c8xr • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-1204: Generation of Weak Initialization Vector (IV) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62291 – Ubuntu Security Notice USN-7841-1
https://notcve.org/view.php?id=CVE-2025-62291
27 Oct 2025 — In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of strongSwan, an IKE/IPsec suite. The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a c... • https://github.com/strongswan/strongswan/commits/master/src/libcharon/plugins/eap_mschapv2 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4967 – Ubuntu Security Notice USN-6772-1
https://notcve.org/view.php?id=CVE-2022-4967
13 May 2024 — strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions... • https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136 •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2023-41913 – Debian Security Advisory 5560-1
https://notcve.org/view.php?id=CVE-2023-41913
21 Nov 2023 — strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. strongSwan anterior a 5.9.12 tiene un desbordamiento del búfer y una posible ejecución remota de código no autenticado a través de un valor público DH que excede el búfer interno en el proxy DH de charon-tkm. La primera versión afectada e... • https://github.com/strongswan/strongswan/releases • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 11%CPEs: 2EXPL: 0CVE-2023-26463 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2023-26463
14 Apr 2023 — strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. • https://github.com/strongswan/strongswan/releases • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2022-40617
04 Oct 2022 — strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento d... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2021-45079 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2021-45079
25 Jan 2022 — In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. En strongSwan versiones anteriores a 5.9.5, un respondedor malicioso puede enviar un mensaje EAP-Success demasiado pronto sin autenticar realmente al cliente y (en el caso de los métodos EAP con autenticación mutua y autenticación sólo EAP par... • https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2021-41990 – Ubuntu Security Notice USN-5111-1
https://notcve.org/view.php?id=CVE-2021-41990
18 Oct 2021 — The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. El plugin gmp en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto por medio de un certificado diseñado con una firma RSASSA-PSS. Por ejemplo, esto puede ser desencadenado por un certificado de CA autofirmado no ... • https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 50EXPL: 0CVE-2021-41991 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2021-41991
18 Oct 2021 — The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. La caché de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de ente... • https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf • CWE-190: Integer Overflow or Wraparound •