4733 matches found
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
...
strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
...
SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2026:0980-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0980-1 advisory. - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Tenable has extracted the preceding...
PT-2026-33103
Name of the Vulnerable Software and Affected Versions xwayland versions prior to 24.1.9-2.1 xorg-x11-server versions prior to 21.1.21-5.1 Description Security issues were identified in xwayland and xorg-x11-server. Recommendations Update xwayland to version 24.1.9-2.1. Update xorg-x11-server to...
SUSE SLES15 / openSUSE 15 Security Update : strongswan (SUSE-SU-2026:0979-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0979-1 advisory. - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Tenable has extracted the preceding descripti...
SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:0981-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0981-1 advisory. - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Tenable has extracted the preceding description block...
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
CVE-2026-25075
The CVE-2026-25075 issue is an integer underflow in strongSwan’s EAP-TTLS AVP parser affecting versions 4.5.0 through 6.0.4, which can crash the charon IKE daemon (DoS) via crafted AVP length fields during IKEv2 authentication. Mitigation: upgrade to strongSwan 6.0.5 or later (as confirmed by Mag...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...
SUSE-SU-2026:0981-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472...
Security update for strongswan
This update for strongswan fixes the following issues: CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...
SUSE-SU-2026:0980-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472...
SUSE-SU-2026:0979-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472...
SUSE-SU-2026:0978-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Other bug fixes: -Fix rpm scripts to not break swanctl.conf use bsc1256442: Guard rpm migration scripts migrating strongswan.service using ipsec.conf on less tha...
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...
CLSA-2026-1774266713 exiv2: Fix of 2 CVEs
CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...
CLSA-2026-1774266009 exiv2: Fix of 2 CVEs
CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...
strongSwan 代码问题漏洞
strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland for Linux platforms. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. Prior to version 6.0.5 of strongSwan,...
OESA-2026-1678 libexif security update
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fixes: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...