DSA-5560-1 strongswan -- strongswanID: oval:org.secpod.oval:def:612804 | Date: (C)2023-11-24 (M)2024-06-19 |
Class: PATCH | Family: unix |
Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec suite. The TKM-backed version of the charon IKE daemon doesn"t check the length of received Diffie-Hellman public values before copying them to a fixed-size buffer on the stack, causing a buffer overflow that could potentially be exploited for remote code execution by sending a specially crafted and unauthenticated IKE_SA_INIT message.
Platform: |
Debian 12.x |
Debian 11.x |
Product: |
libcharon-extra-plugins |
libstrongswan |
libcharon-extauth-plugins |
charon-systemd |
strongswan |
charon-cmd |