Описание
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
A flaw was found in the strongSwan eap-mschapv2 plugin (client-side). A remote attacker, specifically a malicious Extensible Authentication Protocol - Microsoft Challenge-Handshake Authentication Protocol version 2 (EAP-MSCHAPv2) server, could exploit this by sending a specially crafted message between 6 and 8 bytes in size. This crafted message can cause an integer underflow, leading to a heap-based buffer overflow. This vulnerability could potentially result in arbitrary code execution, allowing the attacker to take control of the affected system, or lead to a denial of service.
Отчет
For this vulnerability to be exploited, a connection must be made to a malicious server.
Ссылки на источники
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a ...
EPSS
8.1 High
CVSS3