7 matches found
Astra Linux – Vulnerability in StrongSwan
In the eap-mschapv2 plugin client-side in strongSwan, prior to version 6.0.3, a malicious EAP-MSCHAPv2 server could send a crafted message with a size of 6 to 8 bytes, causing an integer underflow, which could potentially lead to a heap-based buffer overflow...
PT-2025-44223
Name of the Vulnerable Software and Affected Versions strongSwan versions 5.9.13-2ubuntu4.25.04.1 Description The strongSwan client had an incorrect handling of EAP-MSCHAPv2 failure requests. An attacker could potentially cause a denial of service, or possibly execute arbitrary code, by tricking ...
Security update for wpa_supplicant (moderate)
openSUSE Security Update: Security update for wpasupplicant Announcement ID: openSUSE-SU-2019:1345-1 Rating: moderate References: 1104205 1109209 Cross-References: CVE-2018-14526 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has one errata is now available...
SUSE-SU-2019:1088-1 Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
openSUSE Security Update : wpa_supplicant (openSUSE-2018-1316)
This update for wpasupplicant provides the following fixes : This security issues was fixe : - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused t...
openSUSE: Security Advisory for wpa_supplicant (openSUSE-SU-2018:3539-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 345-1] strongswan security update
Package : strongswan Version : 4.4.1-5.8 CVE ID : CVE-2015-8023 Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be...