mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #59
Closed mend-for-github-com[bot] closed 1 year ago
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #59
mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #59
Library home page: https://github.com/danos/strongswan.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerabilities
Details
CVE-2021-45079
### Vulnerable Libraries - strongswandebian/5.7.2-1danos6, strongswandebian/5.7.2-1danos6, strongswandebian/5.7.2-1danos6, strongswandebian/5.7.2-1danos6, strongswandebian/5.7.2-1danos6
### Vulnerability DetailsIn strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Publish Date: 2022-01-31
URL: CVE-2021-45079
### CVSS 3 Score Details (9.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
Release Date: 2022-01-31
Fix Resolution: 5.9.5
CVE-2021-41991
### Vulnerable Library - strongswandebian/5.7.2-1danos6Library home page: https://github.com/danos/strongswan.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/strongswan/src/libstrongswan/credentials/sets/cert_cache.c
/release/src/router/strongswan/src/libstrongswan/credentials/sets/cert_cache.c
### Vulnerability DetailsThe in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
Publish Date: 2021-10-18
URL: CVE-2021-41991
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41991
Release Date: 2021-10-18
Fix Resolution: 5.9.4
CVE-2021-41990
### Vulnerable Library - strongswandebian/5.7.2-1danos6Library home page: https://github.com/danos/strongswan.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/strongswan/src/libstrongswan/credentials/keys/signature_params.c
/release/src/router/strongswan/src/libstrongswan/credentials/keys/signature_params.c
### Vulnerability DetailsThe gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
Publish Date: 2021-10-18
URL: CVE-2021-41990
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41990
Release Date: 2021-10-18
Fix Resolution: 5.9.4
CVE-2022-40617
### Vulnerable Library - strongswandebian/5.7.2-1danos6Library home page: https://github.com/danos/strongswan.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (2)
/release/src/router/strongswan/src/libstrongswan/credentials/credential_manager.c
/release/src/router/strongswan/src/libstrongswan/credentials/credential_manager.c
### Vulnerability DetailsstrongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
Publish Date: 2022-10-31
URL: CVE-2022-40617
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-40617
Release Date: 2022-10-31
Fix Resolution: 5.9.8