Vulnerabilities > Strongswan > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-41913 | Classic Buffer Overflow vulnerability in Strongswan: strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. | 9.8 |
2023-04-15 | CVE-2023-26463 | Improper Certificate Validation vulnerability in Strongswan 5.9.8/5.9.9: strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. | 9.8 |
2022-01-31 | CVE-2021-45079 | NULL Pointer Dereference vulnerability in multiple products: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 9.1 |
2017-09-07 | CVE-2015-3991 | Data Processing Errors vulnerability in Strongswan 5.2.2/5.3.0: strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. | 9.8 |