A vulnerability in the eap-mschapv2 plugin related to processing Failure Request packets on the client was discovered in strongSwan that can result in a heap-based buffer overflow and potentially remote code execution. All versions since 4.2.12 are affected.
A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.
A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.
A vulnerability in the EAP client implementation was discovered in strongSwan. All versions since 4.1.2 are affected.
A denial-of-service vulnerability in the in-memory certificate cache was discovered in strongSwan. All versions since 4.2.10 are affected.
A potential authorization bypass vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected in certain configurations.
A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.
A denial-of-service vulnerability in the stroke plugin was discovered in strongSwan. All versions are affected in certain configurations.