Description: Open source IPsec implementation
Version: 5.9.7-1 [community]


| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2473 | 5.9.3-1 | 5.9.4-1 | Medium | Fixed | |
| AVG-769 | 5.6.3-1 | 5.7.0-1 | High | Fixed | |
| AVG-710 | 5.6.2-1 | 5.6.2-2 | Low | Fixed | FS#58719 |
| AVG-625 | 5.6.1-1 | 5.6.2-1 | Medium | Fixed | FS#57597 |
| AVG-382 | 5.5.3-3 | 5.5.3-4 | Low | Fixed | |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-41991 | AVG-2473 | Medium | Yes | Arbitrary code execution | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill... |
| CVE-2021-41990 | AVG-2473 | Medium | Yes | Denial of service | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be... |
| CVE-2018-16152 | AVG-769 | High | Yes | Authentication bypass | The algorithmIdentifier structure on a PKCS#1.5 signature contains an optional parameters field. While none of the algorithms used with PKCS#1 use... |
| CVE-2018-16151 | AVG-769 | High | Yes | Authentication bypass | The OID parser allows any number of random bytes after a valid OID for a PKCS#1.5 signature. The asn1_known_oid() function just parses until it finds a leaf... |
| CVE-2018-6459 | AVG-625 | Medium | Yes | Denial of service | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c before strongSwan 5.6.2 allows remote attackers to cause a denial of... |
| CVE-2018-5388 | AVG-710 | Low | No | Denial of service | strongSwan VPN's charon server prior to version 5.6.3 is missing a packet length check in stroke_socket.c, allowing a buffer overflow which may lead to... |
| CVE-2017-11185 | AVG-382 | Low | Yes | Denial of service | Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with... |


| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 24 Sep 2018 | ASA-201809-4 | AVG-769 | High | authentication bypass |
| 26 May 2018 | ASA-201805-26 | AVG-710 | Low | denial of service |
| 21 Feb 2018 | ASA-201802-10 | AVG-625 | Medium | denial of service |
| 14 Aug 2017 | ASA-201708-13 | AVG-382 | Low | denial of service |