CVE-2010-3302Improper Restriction of Operations within the Bounds of a Memory Buffer in Openswan

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-78OS Command Injection10 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
6.1%
top 9.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xelerance Openswan
Timeline
PublishedOct 5
Latest updateMay 14

Description

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDxelerance/openswan4 versions+3

Patches

Patch: www.openswan.orgPatch: www.openswan.orgPatch: www.openswan.org

🔴Vulnerability Details

2
GHSA
GHSA-fmrf-vrjc-f4q9: Buffer overflow in programs/pluto/xauth2022-05-14
GHSA
GHSA-46rf-hcw5-3qq2: programs/pluto/xauth2022-05-14

📋Vendor Advisories

2
Red Hat
openswan: buffer overflow vulnerability in XAUTH client-side support2010-09-27
Red Hat
Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet2010-09-27

💬Community

4
Bugzilla
CVE-2010-3752 Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet2010-10-06
Bugzilla
CVE-2010-3308 CVE-2010-3302 openswan various flaws [fedora-all]2010-09-27
Bugzilla
CVE-2010-3308 Openswan cisco banner option handling vulnerability2010-09-27
Bugzilla
CVE-2010-3302 openswan: buffer overflow vulnerability in XAUTH client-side support2010-09-15
CVE-2010-3302 — Xelerance Openswan vulnerability | cvebase