
DSA-5560-1 strongswan -- strongswan

ID: oval:org.secpod.oval:def:612804
Date: (C)2023-11-24   (M)2024-06-19
Class: PATCH
Family: unix




Florian Picca reported a bug in the charon-tkm daemon in strongSwan, an IKE/IPsec suite. The TKM-backed version of the charon IKE daemon doesn't check the length of received Diffie-Hellman public values before copying them to a fixed-size buffer on the stack, causing a buffer overflow that could potentially be exploited for remote code execution by sending a specially crafted and unauthenticated IKE_SA_INIT message.

Platform:
Debian 12.x
Debian 11.x
Product:
libcharon-extra-plugins
libstrongswan
libcharon-extauth-plugins
charon-systemd
strongswan
charon-cmd
Reference:
DSA-5560-1
CVE-2023-41913

© SecPod Technologies