Vulnerabilities > Strongswan > Strongswan > 2.8.11

DATE CVE VULNERABILITY TITLE RISK

2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products 7.5
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

2019-06-12 CVE-2019-10155 Improper Validation of Integrity Check Value vulnerability in multiple products 3.1
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified.

2018-10-03 CVE-2018-17540 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products 7.5
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
network; low complexity; strongswan debian canonical; CWE-119

2018-05-31 CVE-2018-5388 Out-of-bounds Write vulnerability in multiple products 6.5
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
network; low complexity; strongswan debian canonical; CWE-787

2017-08-18 CVE-2017-11185 NULL Pointer Dereference vulnerability in Strongswan 7.5
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
network; low complexity; strongswan; CWE-476

2017-06-08 CVE-2017-9023 Infinite Loop vulnerability in Strongswan 7.5
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
network; low complexity; strongswan; CWE-835

2017-06-08 CVE-2017-9022 Improper Input Validation vulnerability in multiple products 7.5
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
network; low complexity; strongswan debian canonical; CWE-20