strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS EAP-TTLS EAP-PEAP or EAP-TNC). This is fixed in 5.9.10.

🗓️ 26 Apr 2023 07:00:00Reported by MicrosoftType

StrongSwan 5.9.8/5.9.9 allow RCE via untrusted certs in TLS based EAP methods; fixed in 5.9.10.

Reporter	Title	Published	Views	Family All 35
FreeBSD	strongSwan -- certificate verification vulnerability	2 Mar 202300:00	–	freebsd
AlpineLinux	CVE-2023-26463	14 Apr 202300:00	–	alpinelinux
BDU FSTEC	The vulnerability of strongSwan demon, related to errors in certificate verification in EAP methods based on TLS, allows a perpetrator to perform a denial-of-service attack.	20 Apr 202300:00	–	bdu_fstec
CBLMariner	CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1	25 May 202309:38	–	cbl_mariner
Circl	CVE-2023-26463	15 Apr 202307:26	–	circl
CNNVD	strongSwan 信任管理问题漏洞	15 Apr 202300:00	–	cnnvd
CVE	CVE-2023-26463	14 Apr 202300:00	–	cve
Cvelist	CVE-2023-26463	14 Apr 202300:00	–	cvelist
Debian CVE	CVE-2023-26463	14 Apr 202300:00	–	debiancve
Fedora	[SECURITY] Fedora 37 Update: strongswan-5.9.10-1.fc37	11 Mar 202304:29	–	fedora