Strongswan

strongswan

Vendor: Strongswan • 37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4967 1Strongswan 1Strongswan Nov 6, 2025 May 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP me...Show more strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).Show less
CVE-2023-41913 1Strongswan 1Strongswan Dec 18, 2025 Dec 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. A...Show more strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.Show less
CVE-2023-26463 1Strongswan 1Strongswan Feb 7, 2025 Apr 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later follow...Show more strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.Show less
CVE-2022-40617 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraStormshield Network Security+2 more May 6, 2025 Oct 31, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server...Show more strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.Show less
CVE-2021-45079 4Canonical DebianFedoraproject+1 more 5Debian Linux Extra Packages For Enterprise LinuxFedora+2 more Nov 21, 2024 Jan 31, 2022 N/A· v4 9.1 CRITICAL· v3 5.8 MEDIUM· v2 In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authenticatio...Show more In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.Show less
CVE-2021-41991 4Debian FedoraprojectSiemens+1 more 25Cp 1543 1 Firmware Debian LinuxFedora+22 more Nov 21, 2024 Oct 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The...Show more The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.Show less
CVE-2021-41990 4Debian FedoraprojectSiemens+1 more 206gk5615 0aa00 2aa2 Firmware 6gk5804 0ap00 2aa2 Firmware6gk5812 1aa00 2aa2 Firmware+17 more Nov 21, 2024 Oct 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an ini...Show more The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.Show less
CVE-2019-10155 5Fedoraproject LibreswanRedhat+2 more 5Enterprise Linux FedoraLibreswan+2 more Nov 21, 2024 Jun 12, 2019 N/A· v4 3.1 LOW· v3 3.5 LOW· v2 The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a r...Show more The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.Show less
CVE-2018-17540 3Canonical DebianStrongswan 3Debian Linux StrongswanUbuntu Linux Nov 21, 2024 Oct 3, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
CVE-2018-16152 3Canonical DebianStrongswan 3Debian Linux StrongswanUbuntu Linux Dec 3, 2025 Sep 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field d...Show more In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.Show less
CVE-2018-16151 3Canonical DebianStrongswan 3Debian Linux StrongswanUbuntu Linux Dec 3, 2025 Sep 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PK...Show more In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.Show less
CVE-2018-10811 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraStrongswan+1 more Nov 21, 2024 Jun 19, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-5388 3Canonical DebianStrongswan 3Debian Linux StrongswanUbuntu Linux Nov 21, 2024 May 31, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
CVE-2018-6459 1Strongswan 1Strongswan Nov 21, 2024 Feb 20, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generat...Show more The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.Show less
CVE-2015-3991 1Strongswan 1Strongswan May 13, 2026 Sep 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
CVE-2017-11185 1Strongswan 1Strongswan May 13, 2026 Aug 18, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
CVE-2017-9023 1Strongswan 1Strongswan May 13, 2026 Jun 8, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
CVE-2017-9022 3Canonical DebianStrongswan 3Debian Linux StrongswanUbuntu Linux May 13, 2026 Jun 8, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a...Show more The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.Show less
CVE-2015-8023 2Canonical Strongswan 2Strongswan Ubuntu Linux May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authenticati...Show more The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.Show less
CVE-2015-4171 3Canonical DebianStrongswan 4Debian Linux StrongswanStrongswan Vpn Client+1 more May 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 2.6 LOW· v2 strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the en...Show more strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.Show less

12 Next