Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

SUSE-SU-2026:0980-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472...

SUSE-SU-2026:0979-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472...

SUSE-SU-2026:0978-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP bsc1259472. Other bug fixes: -Fix rpm scripts to not break swanctl.conf use bsc1256442: Guard rpm migration scripts migrating strongswan.service using ipsec.conf on less tha...

CVE-2026-25075

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

CLSA-2026-1774266713 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

CLSA-2026-1774266009 exiv2: Fix of 2 CVEs

CVE-2026-25884: fix out-of-bounds read in CRW image parser - CVE-2026-27596: fix integer underflow in preview component...

strongSwan 代码问题漏洞

strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland for Linux platforms. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. Prior to version 6.0.5 of strongSwan,...

OESA-2026-1678 libexif security update

Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fixes: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to an integer underflow in the ECH extension parsing logic when calculating a buffer length, leading to writing beyond the bounds of an allocated buffer. An attacker can cause memory corruption or...

EUVD-2026-13168

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

CVE-2026-3549 ECH parsing heap buffer overflow

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the sslDecodePacket process. An attacker can cause a heap buffer overflow and application crash by injecting a malformed TLS Application Data record that is shorter than the required explicit IV...

EUVD-2026-13133

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVE-2026-1005

CVE-2026-1005 affects wolfSSL’s packet sniffer up to version 5.8.4. The root cause is an integer underflow: a 16‑bit length is wrapped to a large value and passed to AEAD decryption, causing a heap buffer overflow in the tls record processing path (ssl_DecodePacket). This yields a crash (denial o...

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

EUVD-2026-13105

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...