2 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. strongSwan anterior a 5.9.12 tiene un desbordamiento del búfer y una posible ejecución remota de código no autenticado a través de un valor público DH que excede el búfer interno en el proxy DH de charon-tkm. La primera versión afectada es la 5.3.0. Un ataque puede ocurrir a través de un mensaje IKE_SA_INIT manipulado. • https://github.com/strongswan/strongswan/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. • https://github.com/strongswan/strongswan/releases https://security.netapp.com/advisory/ntap-20230517-0010 https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •