VYPR

Vendor CVEs

Strongswan

All CVEs

40 total · sorted by risk
  • CVE-2015-3991CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.05

    strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

  • CVE-2025-62291HigJan 16, 2026
    risk 0.53cvss 8.1epss 0.01

    In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

  • CVE-2018-17540HigOct 3, 2018
    risk 0.49cvss 7.5epss 0.04

    The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

  • CVE-2018-16152HigSep 26, 2018
    risk 0.49cvss 7.5epss 0.02

    In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a…

  • CVE-2018-16151HigSep 26, 2018
    risk 0.49cvss 7.5epss 0.02

    In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in…

  • CVE-2018-10811HigJun 19, 2018
    risk 0.49cvss 7.5epss 0.07

    strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

  • CVE-2017-11185HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.03

    The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

  • CVE-2017-9023HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.

  • CVE-2017-9022HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

  • CVE-2018-5388MedMay 31, 2018
    risk 0.43cvss 6.5epss 0.04

    In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

  • CVE-2026-25075HigMar 23, 2026
    risk 0.42cvss 7.5epss 0.01

    strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers…

  • CVE-2018-5389MedSep 6, 2018
    risk 0.39cvss 5.9epss 0.03

    The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is…

  • CVE-2018-6459MedFeb 20, 2018
    risk 0.35cvss 5.3epss 0.01

    The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.

  • CVE-2023-26463Apr 14, 2023
    risk 0.01cvss epss 0.02

    strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is…

  • CVE-2022-4967May 13, 2024
    risk 0.00cvss epss 0.00

    strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not…

  • CVE-2023-41913Dec 7, 2023
    risk 0.00cvss epss 0.02

    strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

  • CVE-2022-40617Oct 31, 2022
    risk 0.00cvss epss 0.02

    strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly…

  • CVE-2021-45079Jan 31, 2022
    risk 0.00cvss epss 0.03

    In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

  • CVE-2021-41990Oct 18, 2021
    risk 0.00cvss epss 0.06

    The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

  • CVE-2021-41991Oct 18, 2021
    risk 0.00cvss epss 0.05

    The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by…

  • CVE-2015-8023Nov 18, 2015
    risk 0.00cvss epss 0.03

    The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial…

  • CVE-2015-4171Jun 10, 2015
    risk 0.00cvss epss 0.02

    strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows…

  • CVE-2014-9221Jan 7, 2015
    risk 0.00cvss epss 0.04

    strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

  • CVE-2014-2891May 7, 2014
    risk 0.00cvss epss 0.02

    strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

  • CVE-2014-2338Apr 16, 2014
    risk 0.00cvss epss 0.02

    IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

  • CVE-2013-6076Nov 2, 2013
    risk 0.00cvss epss 0.02

    strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.

  • CVE-2013-6075Nov 2, 2013
    risk 0.00cvss epss 0.02

    The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and…

  • CVE-2013-5018Aug 28, 2013
    risk 0.00cvss epss 0.03

    The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file…

  • CVE-2013-2054Jul 9, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT…

  • CVE-2013-2944May 2, 2013
    risk 0.00cvss epss 0.02

    strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.

  • CVE-2012-2388Jun 27, 2012
    risk 0.00cvss epss 0.03

    The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."

  • CVE-2010-2628Aug 20, 2010
    risk 0.00cvss epss 0.04

    The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.

  • CVE-2009-2661Aug 4, 2009
    risk 0.00cvss epss 0.02

    The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via…

  • CVE-2009-2185Jun 25, 2009
    risk 0.00cvss epss 0.03

    The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of…

  • CVE-2009-1958Jun 8, 2009
    risk 0.00cvss epss 0.03

    charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

  • CVE-2009-1957Jun 8, 2009
    risk 0.00cvss epss 0.03

    charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.

  • CVE-2009-0790Apr 1, 2009
    risk 0.00cvss epss 0.03

    The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK…

  • CVE-2008-4551Oct 14, 2008
    risk 0.00cvss epss 0.03

    strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in…

  • CVE-2004-0590Dec 6, 2004
    risk 0.00cvss epss 0.03

    FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate…

  • risk 0.00cvss epss

    strongSwan could be made to crash or run programs if it received specially crafted network traffic.