Lucene search

[email protected]NVD:CVE-2013-6075

HistoryNov 02, 2013 - 6:55 p.m.

CVE-2013-6075

2013-11-0218:55:03

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an “insufficient length check” during identity comparison.

Affected configurations

Nvd

Node

strongswanstrongswanMatch4.3.3

strongswanstrongswanMatch4.3.4

strongswanstrongswanMatch4.3.5

strongswanstrongswanMatch4.3.6

strongswanstrongswanMatch4.3.7

strongswanstrongswanMatch4.4.0

strongswanstrongswanMatch4.4.1

strongswanstrongswanMatch4.5.0

strongswanstrongswanMatch4.5.1

strongswanstrongswanMatch4.5.2

strongswanstrongswanMatch4.5.3

strongswanstrongswanMatch4.6.0

strongswanstrongswanMatch4.6.1

strongswanstrongswanMatch4.6.2

strongswanstrongswanMatch4.6.3

strongswanstrongswanMatch4.6.4

strongswanstrongswanMatch5.0.0

strongswanstrongswanMatch5.0.1

strongswanstrongswanMatch5.0.2

strongswanstrongswanMatch5.0.3

strongswanstrongswanMatch5.0.4

strongswanstrongswanMatch5.1.0

VendorProductVersionCPE
strongswanstrongswan4.3.3cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*
strongswanstrongswan4.3.4cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*
strongswanstrongswan4.3.5cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*
strongswanstrongswan4.3.6cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*
strongswanstrongswan4.3.7cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*
strongswanstrongswan4.4.0cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*
strongswanstrongswan4.4.1cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*
strongswanstrongswan4.5.0cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*
strongswanstrongswan4.5.1cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*
strongswanstrongswan4.5.2cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
strongswan	strongswan	4.3.3	cpe:2.3:a:strongswan:strongswan:4.3.3:::::::*
strongswan	strongswan	4.3.4	cpe:2.3:a:strongswan:strongswan:4.3.4:::::::*
strongswan	strongswan	4.3.5	cpe:2.3:a:strongswan:strongswan:4.3.5:::::::*
strongswan	strongswan	4.3.6	cpe:2.3:a:strongswan:strongswan:4.3.6:::::::*
strongswan	strongswan	4.3.7	cpe:2.3:a:strongswan:strongswan:4.3.7:::::::*
strongswan	strongswan	4.4.0	cpe:2.3:a:strongswan:strongswan:4.4.0:::::::*
strongswan	strongswan	4.4.1	cpe:2.3:a:strongswan:strongswan:4.4.1:::::::*
strongswan	strongswan	4.5.0	cpe:2.3:a:strongswan:strongswan:4.5.0:::::::*
strongswan	strongswan	4.5.1	cpe:2.3:a:strongswan:strongswan:4.5.1:::::::*
strongswan	strongswan	4.5.2	cpe:2.3:a:strongswan:strongswan:4.5.2:::::::*