CVE-2015-3991: strongSwan vulnerability

CWE-198 documents | 5 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 4.8% (top 10.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 7
Latest update: May 14

Description

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | Affected versions
debian | debian/strongswan | < strongswan 5.3.0-2 (bookworm)
Debian | strongswan/strongswan | < 5.3.0-2+3
NVD | strongswan/strongswan | 5.2.2, 5.3.0+1

🔴 Vulnerability Details (2)

GHSA | GHSA-23jq-mpmp-prmf: strongSwan 5 | 2022-05-14
OSV | CVE-2015-3991: strongSwan 5 | 2017-09-07

📋 Vendor Advisories (1)

Debian | CVE-2015-3991: strongswan - strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service ... | 2015

💬 Community (4)

Bugzilla | CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions [fedora-all] | 2015-06-05
Bugzilla | CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions [epel-6] | 2015-06-05
Bugzilla | CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions [epel-7] | 2015-06-05
Bugzilla | CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions | 2015-05-19