CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2022-40617
04 Oct 2022 — strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento d... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
12 Jun 2019 — The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las... • https://access.redhat.com/errata/RHSA-2019:3391 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-17540 – Gentoo Linux Security Advisory 201811-16
https://notcve.org/view.php?id=CVE-2018-17540
02 Oct 2018 — The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. El plugin gmp en strongSwan en versiones anteriores a la 5.7.1 tiene un desbordamiento de búfer mediante un certificado manipulado. It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-5388 – strongSwan VPN Charon Server Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-5388
31 May 2018 — In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podría permitir un desbordamiento del búfer, lo que puede conducir al agotamiento del recurso y a la denegación de servicio mientras se lee desde el socket. It was discovered that st... • https://packetstorm.news/files/id/172833 • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11185 – Debian Security Advisory 3962-1
https://notcve.org/view.php?id=CVE-2017-11185
18 Aug 2017 — The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. El plugin gmp en strongSwan en versiones anteriores a la 5.6.0 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y daemon crash) mediante una firma RSA manipulada. A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. • http://www.debian.org/security/2017/dsa-3962 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9023 – Debian Security Advisory 3866-1
https://notcve.org/view.php?id=CVE-2017-9023
30 May 2017 — The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. El analizador ASN.1 en strongSwan anterior a versión 5.5.3, maneja inapropiadamente los tipos CHOICE cuando el plugin x509 está habilitado, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un certificado diseñado. It was discovered that the strong... • http://www.debian.org/security/2017/dsa-3866 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2017-9022 – Debian Security Advisory 3866-1
https://notcve.org/view.php?id=CVE-2017-9022
30 May 2017 — The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. El plugin gmp en strnogSwan anterior a 5.5.3 no valida adecuadamente las claves públicas RSA tras la llamada mpz_powm_sec, lo que podría permitir a peers remotos causar una denegación de servicio (excepción de punto flotante y cierre inesperado del proceso) a través de u... • http://www.debian.org/security/2017/dsa-3866 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2014-2891 – Debian Security Advisory 2922-1
https://notcve.org/view.php?id=CVE-2014-2891
06 May 2014 — strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. strongSwan en versiones anteriores a 5.1.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero null y una caída del demonio IKE) a través de un payload IDER_ASN1_DN ID manipulado. Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass in authentication restriction... • http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html •
CVSS: 9.8EPSS: 3%CPEs: 96EXPL: 0CVE-2013-2054 – Gentoo Linux Security Advisory 201309-02
https://notcve.org/view.php?id=CVE-2013-2054
09 Jul 2013 — Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. Desbordamiento de buffer en la función atodn en strongSwan v2.0.0 hasta v4.3.4, cuando está activada "Opportunistic Encryption" y se usa una clave... • http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2009-2661
https://notcve.org/view.php?id=CVE-2009-2661
04 Aug 2009 — The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. La función asn1_length en strongSwan 2.8 antes de 2.8.11, 4.2 antes de 4.2.17 y 4.3 antes de 4.3.3 no maneja adecuadamente certificados X.509 con Relati... • http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch • CWE-310: Cryptographic Issues •