5 matches found
CVE-2026-25075
A flaw was found in strongSwan. An unauthenticated remote attacker can exploit an integer underflow vulnerability in the EAP-TTLS AVP Attribute-Value Pair parser. By sending specially crafted AVP data with invalid length fields during IKEv2 Internet Key Exchange version 2 authentication, the...
Security Bulletin: Vulnerability in strongswan affects IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the strongswan IKEv1 implementation affects IBM Storage Virtualize products and could cause a confidentiality impact. CVE-2025-36118. Vulnerability Details CVEID:CVE-2025-36118 DESCRIPTION: IBM Storage Virtualize IKEv1 implementation allows remote attackers to obtain...
SUSE CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...
SUSE CVE-2015-4171
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...
DEBIAN-CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature...