Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS | 0.008 Low |
EPSS Percentile | 81.5% |

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because
it uses a variable named “public” for two different purposes within the
same function. There is initially incorrect access control, later followed
by an expired pointer dereference. One attack vector is sending an
untrusted client certificate during EAP-TLS. A server is affected only if
it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS,
EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

Author | Note |
---|---|
mdeslaur | upstream: “Affected are strongSwan versions 5.9.8 and 5.9.9.” Introduced by 63fd718915b5 (“libtls: call create_public_enumerator() with key_type”); fix is already in master. |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 23.04 | noarch | strongswan | < 5.9.8-3ubuntu3 | UNKNOWN |