CVE-2023-26463
Description
strongSwan 5.9.8 and 5.9.9 have a TLS certificate verification flaw in libtls that can lead to authentication bypass and possibly remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in strongSwan's libtls library, which handles TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). In versions 5.9.8 and 5.9.9, during certificate verification, the function tls_find_public_key() incorrectly uses a local variable named public for two purposes. This leads to two flaws: first, the public key from an untrusted peer certificate is treated as trusted (CWE-295), and second, the reference count for the public key is not correctly managed, resulting in an expired pointer dereference (CWE-825). The credential manager searches for a trusted public key matching the peer's identity, but if the certificate is untrusted (e.g., self-signed), the logic still accepts the key due to the variable misuse [1][2].
Exploitation
An attacker can send an untrusted (e.g., self-signed) client certificate during a TLS-based EAP authentication handshake to a vulnerable server. Servers are only affected if they load plugins that implement TLS-based EAP methods. Similarly, a client may be vulnerable if an attacker sends a request for such an EAP method followed by an untrusted server certificate. No special network position beyond the ability to establish a TLS connection is required; the attacker does not need prior authentication or write access. The attack exploits the incorrect access control and the subsequent use-after-free when the public key's expired pointer is dereferenced [2].
Impact
Successful exploitation commonly results in a segmentation fault and denial of service due to the expired pointer dereference. However, depending on memory layout and conditions, an attacker could achieve information disclosure or remote code execution (RCE). The attacker could bypass client or server authentication entirely, potentially gaining unauthorized access to VPN or other secure channels [1][2].
Mitigation
The vulnerability is fixed in strongSwan version 5.9.10, released on 2023-03-02 [1]. Users should upgrade to 5.9.10 or later. If immediate upgrade is not possible, disabling TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC) may serve as a temporary workaround, though this may impact functionality. The vulnerability is not known to be listed in CISA's KEV catalogue as of the publication date [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
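A triage check for the affected range and the plugin condition described above, added here as an example and not taken from the CVE record or from strongSwan. It takes a version string and a loaded-plugin list and reports whether the host runs 5.9.8 or 5.9.9 with a TLS-based EAP plugin loaded. The function names, result labels and sample inputs are constructed, and the plugin names eap-tls, eap-ttls, eap-peap and eap-tnc are assumed to correspond to the EAP methods the page lists.

```shell
#!/bin/sh
# Triage for CVE-2023-26463 from a version string and a loaded-plugin list
# (for example the "loaded plugins" line reported by the IKE daemon).
# Function names and result labels are illustrative, not strongSwan's.

# Exit 0 if the upstream version is 5.9.8 or 5.9.9, 1 if not, 2 if unparseable.
version_affected() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 2
    set -- $v
    # Numeric comparison, so 5.9.10 is not mistaken for a version below 5.9.9.
    [ "$1" -eq 5 ] && [ "$2" -eq 9 ] && [ "$3" -ge 8 ] && [ "$3" -le 9 ]
}

# Print the TLS-based EAP plugins found in a space-separated plugin list.
tls_eap_plugins() {
    for p in $1; do
        case "$p" in
            eap-tls|eap-ttls|eap-peap|eap-tnc) printf '%s\n' "$p" ;;
        esac
    done | tr '\n' ' ' | sed 's/ $//'
}

# triage VERSION "PLUGIN LIST" -> one result line on stdout.
triage() {
    rc=0
    version_affected "$1" || rc=$?
    case $rc in
        2) echo "UNKNOWN"; return 0 ;;
        1) echo "NOT-AFFECTED"; return 0 ;;
    esac
    hits=$(tls_eap_plugins "$2")
    if [ -n "$hits" ]; then
        echo "AFFECTED: $hits"
    else
        # Version is in range, but no TLS-based EAP plugin is in the list.
        echo "AFFECTED-VERSION-NO-TLS-EAP"
    fi
}

# Constructed sample input, not captured from a real host.
triage "5.9.9" "charon aes sha2 x509 eap-identity eap-tls eap-ttls kernel-netlink"
```

A distribution package can carry a backported fix under an unchanged upstream version, so confirm an AFFECTED result against the vendor's advisory before acting on it.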
Affected products
- (no CPE)
- (no CPE), range: >=5.9.8, <=5.9.9
Patches
No patches discovered yet.