Описание
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 6.0.1-6ubuntu5 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| fips-preview/jammy | needs-triage | |
| fips-updates/bionic | needs-triage | |
| fips-updates/focal | needs-triage | |
| fips-updates/jammy | released | 5.9.5-2ubuntu2.4+Fips1 |
| fips-updates/xenial | needs-triage |
Показывать по
10
8.1 High
CVSS3
Связанные уязвимости
CVSS3: 8.1
nvd
23 дня назад
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
CVSS3: 8.1
debian
23 дня назад
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a ...
8.1 High
CVSS3