Описание
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 5.9.11-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | code not compiled |
| esm-infra/bionic | released | 5.6.2-1ubuntu2.9+esm1 |
| esm-infra/focal | released | 5.8.2-1ubuntu3.6 |
| esm-infra/xenial | released | 5.3.5-1ubuntu3.8+esm4 |
| fips-updates/bionic | not-affected | code not compiled |
| fips-updates/focal | not-affected | code not compiled |
| fips-updates/xenial | not-affected | code not compiled |
| fips/bionic | not-affected | code not compiled |
Показывать по
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
strongSwan before 5.9.12 has a buffer overflow and possible unauthenti ...
EPSS
9.8 Critical
CVSS3