Medium severity 6.5 · NVD Advisory · Published May 31, 2018 · Updated Jun 17, 2026
CVE-2018-5388
Description
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Affected products (24)
<5.6.3 + 1 more
- (no CPE) range: <5.6.3
- (no CPE) range: 5.6.3
- osv-coords (22 versions)
  - pkg:rpm/opensuse/strongswan&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/strongswan&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/strongswan&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/strongswan&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/strongswan&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/strongswan&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/strongswan&distro=SUSE%20OpenStack%20Cloud%208
< 5.6.0-lp150.3.3.1 + 21 more
- (no CPE) range: < 5.6.0-lp150.3.3.1
- (no CPE) range: < 5.6.0-lp151.4.3.1
- (no CPE) range: < 5.9.0-1.9
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.6.0-4.3.2
- (no CPE) range: < 5.6.0-4.3.2
- (no CPE) range: < 5.6.0-4.3.2
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
- (no CPE) range: < 5.1.3-26.13.1
References (10)
- www.kb.cert.org/vuls/id/338343 (nvd; Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/104263 (nvd; Third Party Advisory, VDB Entry)
- security.gentoo.org/glsa/201811-16 (nvd; Third Party Advisory)
- usn.ubuntu.com/3771-1/ (nvd; Third Party Advisory)
- www.debian.org/security/2018/dsa-4229 (nvd; Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html (nvd)
- packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html (nvd)
- git.strongswan.org (nvd)