The IKE daemon in strongSwan 4.3.x prior to 4.3.7 and 4.4.x prior to 4.4.1 does not properly check the return values of snprintf calls, which allows remote malicious users to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
strongswan strongswan 4.3.3 |
||
strongswan strongswan 4.3.4 |
||
strongswan strongswan 4.3.5 |
||
strongswan strongswan 4.3.0 |
||
strongswan strongswan 4.3.1 |
||
strongswan strongswan 4.3.2 |
||
strongswan strongswan 4.3.6 |
||
strongswan strongswan 4.4.0 |