Blog

Release and vulnerability announcements for strongSwan

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service and possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.

A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.

A vulnerability in the EAP client implementation was discovered in strongSwan. All versions since 4.1.2 are affected.

A denial-of-service vulnerability in the in-memory certificate cache was discovered in strongSwan. All versions since 4.2.10 are affected.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 5.6.1 are affected.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions patched with the fix for CVE-2018-16151/2 are affected.

A potential authorization bypass vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected in certain configurations.