strongswan

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source IPsec implementation
Version 5.9.14-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2814 5.9.7-1 5.9.8-1 Unknown Fixed
AVG-2473 5.9.3-1 5.9.4-1 Medium Fixed
AVG-769 5.6.3-1 5.7.0-1 High Fixed
AVG-710 5.6.2-1 5.6.2-2 Low Fixed FS#58719
AVG-625 5.6.1-1 5.6.2-1 Medium Fixed FS#57597
AVG-382 5.5.3-3 5.5.3-4 Low Fixed
Issue Group Severity Remote Type Description
CVE-2022-40617 AVG-2814 Unknown Unknown Unknown Unknown
CVE-2021-41991 AVG-2473 Medium Yes Arbitrary code execution
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill...
CVE-2021-41990 AVG-2473 Medium Yes Denial of service
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be...
CVE-2018-16152 AVG-769 High Yes Authentication bypass
The algorithmIdentifier structure on a PKCS#1.5 signature contains an optional parameters field. While none of the algorithms used with PKCS#1 use...
CVE-2018-16151 AVG-769 High Yes Authentication bypass
The OID parser allows any number of random bytes after a valid OID for a PKCS#1.5 signature. The asn1_known_oid() function just parses until it finds a leaf...
CVE-2018-6459 AVG-625 Medium Yes Denial of service
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c before strongSwan 5.6.2 allows remote attackers to cause a denial of...
CVE-2018-5388 AVG-710 Low No Denial of service
strongSwan VPN's charon server prior to version 5.6.3 is missing a packet length check in stroke_socket.c, allowing a buffer overflow which may lead to...
CVE-2017-11185 AVG-382 Low Yes Denial of service
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with...

Advisories

Date Advisory Group Severity Type
24 Sep 2018 ASA-201809-4 AVG-769 High authentication bypass
26 May 2018 ASA-201805-26 AVG-710 Low denial of service
21 Feb 2018 ASA-201802-10 AVG-625 Medium denial of service
14 Aug 2017 ASA-201708-13 AVG-382 Low denial of service