CVE-2013-6075Improper Restriction of Operations within the Bounds of a Memory Buffer in Strongswan

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 54.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
StrongswanDebian Strongswan
Timeline
PublishedNov 2
Latest updateMay 17

Description

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/strongswan< strongswan 5.1.0-3 (bookworm)
Debianstrongswan/strongswan< 5.1.0-3+3
NVDstrongswan/strongswan22 versions+21

Patches

Patch: download.strongswan.orgPatch: www.strongswan.orgPatch: download.strongswan.org

🔴Vulnerability Details

2
GHSA
GHSA-pv47-47g7-w845: The compare_dn function in utils/identification2022-05-17
OSV
CVE-2013-6075: The compare_dn function in utils/identification2013-11-02

📋Vendor Advisories

2
Red Hat
strongswan: denial of service and potential authorization bypass2013-11-01
Debian
CVE-2013-6075: strongswan - The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5....2013

💬Community

3
Bugzilla
CVE-2013-6075 strongswan: denial of service and potential authorization bypass [fedora-all]2013-11-02
Bugzilla
CVE-2013-6075 strongswan: denial of service and potential authorization bypass [epel-6]2013-11-02
Bugzilla
CVE-2013-6075 strongswan: denial of service and potential authorization bypass2013-11-01