Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strongswan vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-41913
strongSwan prior to 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
Strongswan Strongswan
4.3
CVSSv2
CVE-2017-9023
The ASN.1 parser in strongSwan prior to 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote malicious users to cause a denial of service (infinite loop) via a crafted certificate.
Strongswan Strongswan
5
CVSSv2
CVE-2017-11185
The gmp plugin in strongSwan prior to 5.6.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
Strongswan Strongswan
5
CVSSv2
CVE-2018-6459
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote malicious users to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
Strongswan Strongswan 5.6.1
3.5
CVSSv2
CVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This is...
Strongswan Strongswan
Libreswan Libreswan
Xelerance Openswan
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
4
CVSSv2
CVE-2018-5388
In stroke_socket.c in strongSwan prior to 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Strongswan Strongswan
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
5
CVSSv2
CVE-2018-17540
The gmp plugin in strongSwan prior to 5.7.1 has a Buffer Overflow via a crafted certificate.
Strongswan Strongswan
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
5
CVSSv2
CVE-2018-16151
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x prior to 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in t...
Strongswan Strongswan
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
5
CVSSv2
CVE-2018-16152
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x prior to 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a ...
Strongswan Strongswan
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
10
CVSSv2
CVE-2004-0590
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x prior to 1.0.6, openswan 2.x prior to 2.1.4, and strongSwan prior to 2.1.3, allows remote malicious users to authenticate using spoofed PKCS#7 certificates in which a self-signed certifica...
Frees Wan Frees Wan 1
Frees Wan Frees Wan 2
Frees Wan Super Frees Wan 1
Openswan Openswan 1
Openswan Openswan 2
Strongswan Strongswan
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »