CVE-2013-2054 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Strongswan

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources

Severity

6.8MEDIUMNVD

NVD5.1

EPSS

1.8%

top 17.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan Xelerance Openswan +2 more

Timeline

PublishedJul 9

Latest updateMay 17

Description

Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages6 packages

▶debiandebian/strongswan< strongswan 4.3.4-1 (bookworm)

▶Debianstrongswan/strongswan< 4.3.4-1+3

▶NVDstrongswan/strongswan96 versions+95

▶NVDxelerance/openswan2.6.38+37

▶debiandebian/libreswan

🔴Vulnerability Details

GHSA

GHSA-ghm6-8w78-2p3j: Buffer overflow in the atodn function in libreswan 3↗2022-05-17

▶

GHSA

GHSA-cr25-xc39-jfqp: Buffer overflow in the atodn function in strongSwan 2↗2022-05-17

▶

GHSA

GHSA-xqwx-33f7-54m6: Buffer overflow in the atodn function in Openswan before 2↗2022-05-14

▶

OSV

CVE-2013-2054: Buffer overflow in the atodn function in strongSwan 2↗2013-07-09

▶

📋Vendor Advisories

Red Hat

Openswan: remote buffer overflow in atodn()↗2013-05-13

▶

Debian

CVE-2013-2052: libreswan - Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunist...↗2013

▶

Debian

CVE-2013-2054: strongswan - Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Op...↗2013

▶

💬Community

Bugzilla

CVE-2013-2054 strongSwan: remote buffer overflow in atodn()↗2013-05-06

▶