4 matches found
CVE-2025-62291 affecting package strongswan for versions less than 5.9.10-4
CVE-2025-62291 affecting package strongswan for versions less than 5.9.10-4. A patched version of the package is available...
PT-2026-27175
Name of the Vulnerable Software and Affected Versions: strongSwan versions 4.5.0 through 6.0.4. Description: An integer underflow flaw exists in the EAP-TTLS AVP parser within strongSwan. This issue allows remote attackers to cause a denial of service by sending specially crafted AVP data with inval...
SUSE CVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...
DEBIAN-CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...