U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): strongswan
  • Search Type: Search All
  • CPE Name Search: false
There are 35 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-41913

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

Published: December 07, 2023; 12:15:09 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

Published: April 14, 2023; 8:15:07 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Published: October 31, 2022; 2:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Published: January 31, 2022; 3:15:07 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 5.8 MEDIUM
CVE-2021-41991

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Published: October 18, 2021; 10:15:10 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-41990

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Published: October 18, 2021; 10:15:10 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-17540

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

Published: October 03, 2018; 4:29:09 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-16152

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

Published: September 26, 2018; 5:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-16151

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Published: September 26, 2018; 5:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

Published: June 19, 2018; 5:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5388

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

Published: May 31, 2018; 9:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-6459

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.

Published: February 20, 2018; 10:29:00 AM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-3991

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

Published: September 07, 2017; 4:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-11185

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Published: August 18, 2017; 1:29:01 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.

Published: June 08, 2017; 12:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2017-9022

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Published: June 08, 2017; 12:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Published: November 18, 2015; 11:59:07 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Published: June 10, 2015; 2:59:09 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Published: January 07, 2015; 2:59:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2891

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

Published: May 07, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM