22 matches found
EUVD-2008-4532
Malware in sbrugna...
EUVD-2009-1952
Malware in sbrugna...
FreeBSD : strongswan -- buffer overflow (bbda3d16-968e-11ee-b780-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bbda3d16-968e-11ee-b780-b42e991fc52e advisory. - strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via...
AZL-35287 CVE-2023-41913 affecting package strongswan for versions less than 5.9.12-1
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
Buffer overflow
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
CVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...
SuSE 11 Security Update : strongswan (SAT Patch Number 966)
This update fixes two denial of service bugs that can lead to a remote pre-auth crash while processing a IKESAINIT or a IKEAUTH request. CVE-2009-1957 / CVE-2009-1958 have been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Null pointer dereference
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
CVE-2009-1957
The CVE-2009-1957 issue affects the strongSwan project’s charon daemon. It arises from a flaw in the IKE_SA_INIT processing within charon/ike_sa.c that can trigger a NULL pointer dereference and crash, when a remote attacker sends a crafted IKE_SA_INIT request that leads to an incomplete state an...
CVE-2009-1957
charon/sa/ikesa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an invalid IKESAINIT request that triggers "an incomplete state," followed by a CREATECHILDSA request...
CVE-2008-4551
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...
CVE-2008-4551
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...
Null pointer dereference
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...
CVE-2008-4551
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...