Vulnerabilities (CVE)

Vendor filter

Strongswan Subscribe

Product filter

Strongswan Subscribe

Filter

30 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-5388 3 Strongswan, Debian, Canonical 3 Strongswan, Debian Linux, Ubuntu Linux 2019-10-09 4.0
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
CVE-2017-9023 1 Strongswan 1 Strongswan 2019-10-03 4.3
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
CVE-2009-0790 3 Openswan, Strongswan, Xelerance 3 Strongswan, Openswan, Openswan 2019-07-29 5.0
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted...
CVE-2009-2185 3 Openswan, Strongswan, Xelerance 3 Strongswan, Openswan, Openswan 2019-07-29 5.0
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote...
CVE-2019-10155 5 Libreswan, Openswan, Strongswan and 2 more 5 Libreswan, Openswan, Strongswan and 2 more 2019-07-29 3.5
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity...
CVE-2017-9022 3 Strongswan, Canonical, Debian 3 Strongswan, Ubuntu Linux, Debian Linux 2019-04-16 5.0
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
CVE-2018-10811 3 Strongswan, Debian, Canonical 3 Strongswan, Debian Linux, Ubuntu Linux 2019-03-20 5.0
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-6459 1 Strongswan 1 Strongswan 2019-03-07 5.0
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
CVE-2018-16151 3 Strongswan, Canonical, Debian 3 Strongswan, Ubuntu Linux, Debian Linux 2018-12-19 5.0
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature...
CVE-2018-16152 3 Strongswan, Canonical, Debian 3 Strongswan, Ubuntu Linux, Debian Linux 2018-12-19 5.0
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5...
CVE-2018-17540 3 Strongswan, Canonical, Debian 3 Strongswan, Ubuntu Linux, Debian Linux 2018-11-27 5.0
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
CVE-2014-9221 6 Strongswan, Debian, Fedoraproject and 3 more 6 Debian Linux, Strongswan, Ubuntu Linux and 3 more 2018-10-30 5.0
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
CVE-2013-5018 3 Strongswan, Novell, Opensuse 3 Strongswan, Opensuse, Opensuse 2018-10-30 4.3
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP...
CVE-2017-11185 1 Strongswan 1 Strongswan 2018-08-13 5.0
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
CVE-2015-8023 2 Strongswan, Canonical 2 Strongswan, Ubuntu Linux 2018-08-13 5.0
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success...
CVE-2015-3991 1 Strongswan 1 Strongswan 2018-08-13 7.5
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
CVE-2014-2891 2 Strongswan, Debian 2 Strongswan, Strongswan 2018-08-13 5.0
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
CVE-2013-2944 1 Strongswan 1 Strongswan 2018-08-13 4.9
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
CVE-2015-4171 3 Strongswan, Debian, Canonical 4 Debian Linux, Strongswan, Ubuntu Linux and 1 more 2017-11-08 2.6
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication...
CVE-2012-2388 1 Strongswan 1 Strongswan 2017-08-29 7.5
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."