CVE-2018-5388

Source
Severity: Low
Remote: No
Type: Denial of service
Description
strongSwan VPN's charon server prior to version 5.6.3 is missing a packet length check in stroke_socket.c. While reading from the socket, this allows a buffer overflow, which may lead to resource exhaustion and denial of service.
According to the vendor, an attacker must typically have local root permissions to access the socket. Other accounts and groups, such as the vpn group (for example, if capability dropping is enabled), may also have sufficient permissions, but this configuration does not appear to be the default behavior.
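
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-710 | strongswan | 5.6.2-1 | 5.6.2-2 | Low | Fixed | FS#58719 |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 May 2018 | ASA-201805-26 | AVG-710 | strongswan | Low | denial of service |
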
References
https://www.kb.cert.org/vuls/id/338343
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4