CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
72.7%
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated
remote code execution via a DH public value that exceeds the internal
buffer in charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An
attack can occur via a crafted IKE_SA_INIT message.
Author | Note |
---|---|
mdeslaur | After the USN was published, it was discovered that the Ubuntu packages aren’t built with --enable-tkm, so the vulnerable code isn’t built at all. If this is enabled in the future, the jammy and earlier patches (inlcuding esm) need to be fixed to use diffie_hellman_verify_value() instead of key_exchange_verify_pubkey() for those older versions. Marking remaining releases as “not-affected” |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | strongswan | < 5.6.2-1ubuntu2.9+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | strongswan | < 5.8.2-1ubuntu3.6 | UNKNOWN |
ubuntu | 22.04 | noarch | strongswan | < 5.9.5-2ubuntu2.2 | UNKNOWN |
ubuntu | 23.04 | noarch | strongswan | < 5.9.8-3ubuntu4.1 | UNKNOWN |
ubuntu | 23.10 | noarch | strongswan | < 5.9.11-1ubuntu1.1 | UNKNOWN |
ubuntu | 16.04 | noarch | strongswan | < 5.3.5-1ubuntu3.8+esm4 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-41913
nvd.nist.gov/vuln/detail/CVE-2023-41913
security-tracker.debian.org/tracker/CVE-2023-41913
ubuntu.com/security/notices/USN-6488-1
ubuntu.com/security/notices/USN-6488-2
www.cve.org/CVERecord?id=CVE-2023-41913
www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
72.7%