Blog

Release and vulnerability announcements for strongSwan

A denial-of-service vulnerability in the x509 plugin was discovered in strongSwan. All versions are affected.

An authentication bypass vulnerability in the eap-mschapv2 plugin was discovered in strongSwan. All versions since 4.2.12 are affected.

An information leak vulnerability that affects certain IKEv2 setups was discovered in strongSwan. All versions since 4.3.0 are affected.

A DoS vulnerability triggered by an IKEv2 Key Exchange payload containing DH group 1025 was discovered in strongSwan. All versions since 4.5.0 are affected.

A DoS vulnerability triggered by crafted ID payloads was discovered in strongSwan. Versions since 4.3.3 and before 5.1.2 are affected.

An authentication bypass vulnerability was discovered in strongSwan. It can be triggered by rekeying an unestablished IKEv2 SA while it gets actively initiated. All versions since 4.0.7 are affected.

A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected.

A DoS vulnerability and potential authorization bypass triggered by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan. All versions since 4.3.3 are affected.