Blog

Release and vulnerability announcements for strongSwan

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.

A vulnerability in the EAP client implementation was discovered in strongSwan. All versions since 4.1.2 are affected.

A denial-of-service vulnerability in the in-memory certificate cache was discovered in strongSwan. All versions since 4.2.10 are affected.

A potential authorization bypass vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected in certain configurations.

A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.

A denial-of-service vulnerability in the stroke plugin was discovered in strongSwan. All versions are affected in certain configurations.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected.