CVE-2005-0162: Improper Restriction of Operations within the Bounds of a Memory Buffer in Openswan

2 documents, 2 sources

Severity: 7.2 HIGH (NVD)
EPSS: 4.3% (top 11.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 26
Latest update: May 1

Description

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages: 2 packages


Vulnerability Details

GHSA (1)
GHSA-fg53-7fcw-mx53: Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1 (2022-05-01)
CVE-2005-0162 — Openswan vulnerability | cvebase