strongswan
Networking Infrastructure | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting strongswan.
- CVE-2026-25075: strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow (score 7.5)
- CVE-2026-25998: strongMan vulnerable to private credential recovery due to key and counter reuse (score 7.5)
- CVE-2025-62291: In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially ... (score 8.1)
- CVE-2022-4967: strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clie... (score 7.7)
- CVE-2023-41913: strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affec... (score 9.8)
- CVE-2023-26463: strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect acces... (score 9.8)
- CVE-2022-40617: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL ... (score 7.5)
- CVE-2021-45079: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and... (score 9.1)
- CVE-2021-41990: The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA cer... (score 7.5)
- CVE-2021-41991: The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement... (score 7.5)
- CVE-2019-10155: The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and int... (score 3.1)
- CVE-2018-17540: The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. (score 7.5)
- CVE-2018-16152: In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgor... (score 7.5)
- CVE-2018-16151: In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded ... (score 7.5)
- CVE-2018-5389 (score 5.9)