Lucene search

MitreCVE-2022-40617

HistoryOct 31, 2022 - 6:15 a.m.

CVE-2022-40617

2022-10-3106:15:09

CWE-400

mitre

web.nvd.nist.gov

124

cve-2022-40617

strongswan

denial of service

revocation plugin

crafted certificate

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Affected configurations

Nvd

Node

strongswanstrongswanRange<5.9.8

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch22.04lts

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch37

Node

stormshieldstormshield_network_securityRange3.11.1–3.11.20

stormshieldstormshield_network_securityRange4.3.1–4.3.15

stormshieldstormshield_network_securityRange4.5.1–4.6.0

VendorProductVersionCPE
strongswanstrongswan*cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux22.04cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
stormshieldstormshield_network_security*cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
strongswan	strongswan	*	cpe:2.3:a:strongswan:strongswan::::::::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
canonical	ubuntu_linux	22.04	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*
stormshield	stormshield_network_security	*	cpe:2.3:a:stormshield:stormshield_network_security::::::::