Strongswan
by Strongswan
CVEs (40)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3991 | | Critical | 0.64 | 9.8 | 0.05 | | Sep 7, 2017 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. |
| CVE-2025-62291 | | High | 0.53 | 8.1 | 0.01 | | Jan 16, 2026 | In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. |
| CVE-2018-17540 | | High | 0.49 | 7.5 | 0.04 | | Oct 3, 2018 | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. |
| CVE-2018-16152 | | High | 0.49 | 7.5 | 0.02 | | Sep 26, 2018 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a… |
| CVE-2018-16151 | | High | 0.49 | 7.5 | 0.02 | | Sep 26, 2018 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in… |
| CVE-2018-10811 | | High | 0.49 | 7.5 | 0.07 | | Jun 19, 2018 | strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. |
| CVE-2017-11185 | | High | 0.49 | 7.5 | 0.03 | | Aug 18, 2017 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. |
| CVE-2017-9023 | | High | 0.49 | 7.5 | 0.02 | | Jun 8, 2017 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. |
| CVE-2017-9022 | | High | 0.49 | 7.5 | 0.02 | | Jun 8, 2017 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
| CVE-2018-5388 | | Medium | 0.43 | 6.5 | 0.04 | | May 31, 2018 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. |
| CVE-2026-25075 | | High | 0.42 | 7.5 | 0.01 | | Mar 23, 2026 | strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers… |
| CVE-2018-5389 | | Medium | 0.39 | 5.9 | 0.03 | | Sep 6, 2018 | The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is… |
| CVE-2018-6459 | | Medium | 0.35 | 5.3 | 0.01 | | Feb 20, 2018 | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. |
| CVE-2023-26463 | | | 0.01 | — | 0.02 | | Apr 14, 2023 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is… |
| CVE-2022-4967 | | | 0.00 | — | 0.00 | | May 13, 2024 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not… |
| CVE-2023-41913 | | | 0.00 | — | 0.02 | | Dec 7, 2023 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. |
| CVE-2022-40617 | | | 0.00 | — | 0.02 | | Oct 31, 2022 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly… |
| CVE-2021-45079 | | | 0.00 | — | 0.03 | | Jan 31, 2022 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |
| CVE-2021-41990 | | | 0.00 | — | 0.06 | | Oct 18, 2021 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. |
| CVE-2021-41991 | | | 0.00 | — | 0.05 | | Oct 18, 2021 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by… |