Strongswan Security Vulnerabilities and Issues — Strongswan CVE List

Lucene search

StrongswanStrongswan

4 matches found

CVE•added 2022/01/31 8:15 a.m.•115 views

CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

9.1CVSS9.1AI score0.00064EPSS

CVE•added 2023/04/15 12:15 a.m.•99 views

CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted...

9.8CVSS9.5AI score0.1749EPSS

CVE•added 2023/12/07 5:15 a.m.•94 views

CVE-2023-41913

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

9.8CVSS9.7AI score0.1093EPSS

CVE•added 2017/09/07 8:29 p.m.•49 views

CVE-2015-3991

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

9.8CVSS9.4AI score0.04756EPSS