24 matches found
CVE-2026-25075
A flaw was found in strongSwan. An unauthenticated remote attacker can exploit an integer underflow vulnerability in the EAP-TTLS AVP Attribute-Value Pair parser. By sending specially crafted AVP data with invalid length fields during IKEv2 Internet Key Exchange version 2 authentication, the...
UBUNTU-CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
SUSE CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
SUSE CVE-2009-1958
charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...
CVE-2013-6076
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service NULL pointer dereference and charon daemon crash via a crafted IKEv1 fragmentation packet...
Null pointer dereference
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service NULL pointer dereference and charon daemon crash via a crafted IKEv1 fragmentation packet...
CVE-2013-6076
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service NULL pointer dereference and charon daemon crash via a crafted IKEv1 fragmentation packet...
DSA-2789-1 strongswan - Denial of service and authorization bypass
Bulletin has no description...
Debian DSA-1899-1 : strongswan - several vulnerabilities
Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2...
Debian: Security Advisory (DSA-1899-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1899-1 (strongswan)
The remote host is missing an update to strongswan announced via advisory DSA 1899-1. OpenVAS Vulnerability Test $Id: deb18991.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1899-1 strongswan Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
DSA-1899-1 strongswan - denial of service
Bulletin has no description...
Null pointer dereference
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
CVE-2009-1958
charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...
Design/Logic Flaw
charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...
DEBIAN-CVE-2009-1958
charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...
CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
DEBIAN-CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
CVE-2009-1958
charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...
CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...