AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

ALPINE-CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

SUSE CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

PT-2023-2354 · Unknown +2 · Strongswan +2

Name of the Vulnerable Software and Affected Versions: strongSwan versions 5.9.8 through 5.9.9 Description: The issue is related to incorrect access control and an expired pointer dereference due to the use of a variable named public for two different purposes within the same function. This can...

Public variable unstreamed can be smaller than ∑ts.tokens due to unstreamed not being updated in withdraw()

Handle WatchPug Vulnerability details unstreamed is a public variable, and it's been actively managed in stake, updateStreamInternal. However, since users can also withdraw unstreamed depositToken, the global variable unstreamed should be updated in withdraw as well. For example: 1. Alice deposit...