CPE-7FB80CE4-4B96-46CB-8201-295371944817 Detail

CPE Details

StrongSwan strongSwan 5.7.0

Vendor

strongswan

Product

strongswan

Version

5.7.0

Created

2019-06-13
14h38 +00:00

Modified

2019-06-13
14h38 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:strongswan:strongswan:5.7.0:::::::*

Informations

Vendor

strongswan

Product

strongswan

Version

5.7.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-41913	2023-12-06 23h00 +00:00	strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.	9.8	Critical
CVE-2022-40617	2022-10-30 23h00 +00:00	strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.	7.5	High
CVE-2021-45079	2022-01-31 06h15 +00:00	In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.	9.1	Critical
CVE-2021-41990	2021-10-18 11h44 +00:00	The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.	7.5	High
CVE-2021-41991	2021-10-18 11h44 +00:00	The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.	7.5	High
CVE-2018-17540	2018-10-03 18h00 +00:00	The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.	7.5	High

StrongSwan strongSwan 5.7.0

CPE Details

CPE Name: cpe:2.3:a:strongswan:strongswan:5.7.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:strongswan:strongswan:5.7.0:::::::*