rpm package
opensuse/strongswan&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/strongswan&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25075 | High | 7.5 | | < 6.0.5-1.1 | 6.0.5-1.1 | Mar 23, 2026 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers c |
| CVE-2025-9615 | Low | 3.3 | | < 6.0.4-1.1 | 6.0.4-1.1 | Jan 26, 2026 | A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from th |
| CVE-2025-62291 | High | 8.1 | | < 6.0.3-1.1 | 6.0.3-1.1 | Jan 16, 2026 | In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. |
| CVE-2023-26463 | — | | | < 5.9.10-1.1 | 5.9.10-1.1 | Apr 14, 2023 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is s |
| CVE-2021-45079 | — | | | < 5.9.5-1.1 | 5.9.5-1.1 | Jan 31, 2022 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |
| CVE-2021-41990 | — | | | < 5.9.4-1.1 | 5.9.4-1.1 | Oct 18, 2021 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. |
| CVE-2021-41991 | — | | | < 5.9.4-1.1 | 5.9.4-1.1 | Oct 18, 2021 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by mea |
| CVE-2018-17540 | — | | | < 5.9.0-1.9 | 5.9.0-1.9 | Oct 3, 2018 | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. |
| CVE-2018-10811 | — | | | < 5.9.0-1.9 | 5.9.0-1.9 | Jun 19, 2018 | strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. |
| CVE-2018-5388 | — | | | < 5.9.0-1.9 | 5.9.0-1.9 | May 31, 2018 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. |
| CVE-2018-6459 | — | | | < 5.9.0-1.9 | 5.9.0-1.9 | Feb 20, 2018 | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. |
| CVE-2015-3991 | Critical | 9.8 | | < 5.3.5-1.1 | 5.3.5-1.1 | Sep 7, 2017 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. |
| CVE-2017-11185 | High | 7.5 | | < 5.9.0-1.9 | 5.9.0-1.9 | Aug 18, 2017 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. |
| CVE-2017-9023 | High | 7.5 | | < 5.9.0-1.9 | 5.9.0-1.9 | Jun 8, 2017 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. |
| CVE-2017-9022 | High | 7.5 | | < 5.9.0-1.9 | 5.9.0-1.9 | Jun 8, 2017 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
| CVE-2015-8023 | — | | | < 5.3.5-1.1 | 5.3.5-1.1 | Nov 18, 2015 | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Ch |
| CVE-2015-4171 | — | | | < 5.3.5-1.1 | 5.3.5-1.1 | Jun 10, 2015 | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote |
| CVE-2014-9221 | — | | | < 5.3.5-1.1 | 5.3.5-1.1 | Jan 7, 2015 | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. |
| CVE-2014-2338 | — | | | < 5.3.5-1.1 | 5.3.5-1.1 | Apr 16, 2014 | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. |
| CVE-2013-6076 | — | | | < 5.3.5-1.1 | 5.3.5-1.1 | Nov 2, 2013 | strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. |
Page 1 of 2