CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2022-40617
04 Oct 2022 — strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento d... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2021-45079 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2021-45079
25 Jan 2022 — In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. En strongSwan versiones anteriores a 5.9.5, un respondedor malicioso puede enviar un mensaje EAP-Success demasiado pronto sin autenticar realmente al cliente y (en el caso de los métodos EAP con autenticación mutua y autenticación sólo EAP par... • https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-%28cve-2021-45079%29.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 50EXPL: 0CVE-2021-41991 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2021-41991
18 Oct 2021 — The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. La caché de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de ente... • https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2018-17540 – Gentoo Linux Security Advisory 201811-16
https://notcve.org/view.php?id=CVE-2018-17540
02 Oct 2018 — The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. El plugin gmp en strongSwan en versiones anteriores a la 5.7.1 tiene un desbordamiento de búfer mediante un certificado manipulado. It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-16152 – Gentoo Linux Security Advisory 201811-16
https://notcve.org/view.php?id=CVE-2018-16152
25 Sep 2018 — In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. En v... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-16151 – Gentoo Linux Security Advisory 201811-16
https://notcve.org/view.php?id=CVE-2018-16151
25 Sep 2018 — In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 auth... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 5%CPEs: 6EXPL: 1CVE-2018-5388 – strongSwan VPN Charon Server Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-5388
31 May 2018 — In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podría permitir un desbordamiento del búfer, lo que puede conducir al agotamiento del recurso y a la denegación de servicio mientras se lee desde el socket. It was discovered that st... • https://packetstorm.news/files/id/172833 • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11185 – Debian Security Advisory 3962-1
https://notcve.org/view.php?id=CVE-2017-11185
18 Aug 2017 — The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. El plugin gmp en strongSwan en versiones anteriores a la 5.6.0 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y daemon crash) mediante una firma RSA manipulada. A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. • http://www.debian.org/security/2017/dsa-3962 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9023 – Debian Security Advisory 3866-1
https://notcve.org/view.php?id=CVE-2017-9023
30 May 2017 — The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. El analizador ASN.1 en strongSwan anterior a versión 5.5.3, maneja inapropiadamente los tipos CHOICE cuando el plugin x509 está habilitado, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un certificado diseñado. It was discovered that the strong... • http://www.debian.org/security/2017/dsa-3866 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-9022 – Debian Security Advisory 3866-1
https://notcve.org/view.php?id=CVE-2017-9022
30 May 2017 — The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. El plugin gmp en strnogSwan anterior a 5.5.3 no valida adecuadamente las claves públicas RSA tras la llamada mpz_powm_sec, lo que podría permitir a peers remotos causar una denegación de servicio (excepción de punto flotante y cierre inesperado del proceso) a través de u... • http://www.debian.org/security/2017/dsa-3866 • CWE-20: Improper Input Validation •