CVE-2018-10811Missing Initialization of Resource in Strongswan

CWE-909Missing Initialization of ResourceCWE-456Missing Initialization of a Variable10 documents7 sources
Severity
7.5HIGHNVD
EPSS
5.6%
top 9.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
StrongswanDebian StrongswanCanonical Ubuntu Linux+2 more
Timeline
PublishedJun 19
Latest updateMay 13

Description

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/strongswan< strongswan 5.6.3-1 (bookworm)
NVDstrongswan/strongswan5.0.15.6.3
Debianstrongswan/strongswan< 5.6.3-1+3
Ubuntustrongswan/strongswan< 5.1.2-0ubuntu2.10+2

Also affects: Debian Linux 8.0, 9.0, Fedora 28, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: download.strongswan.orgPatch: download.strongswan.org

🔴Vulnerability Details

3
GHSA
GHSA-5hcm-2jv2-8ggv: strongSwan 52022-05-13
OSV
strongswan vulnerabilities2018-09-25
OSV
CVE-2018-10811: strongSwan 52018-06-19

📋Vendor Advisories

3
Ubuntu
strongSwan vulnerabilities2018-09-25
Red Hat
strongswan: Missing initialization of a variable in IKEv2 key derivation allows denial of service2018-05-28
Debian
CVE-2018-10811: strongswan - strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing In...2018

💬Community

3
Bugzilla
CVE-2018-10811 strongswan: Missing initialization of a variable in IKEv2 key derivation allows denial of service [fedora-all]2018-06-05
Bugzilla
CVE-2018-10811 strongswan: Missing initialization of a variable in IKEv2 key derivation allows denial of service [epel-all]2018-06-05
Bugzilla
CVE-2018-10811 strongswan: Missing initialization of a variable in IKEv2 key derivation allows denial of service2018-06-05