Project

General

Profile

Actions

Bug #8746

closed

StrongSwan 4.4.0 -> 5.6.2 buffer underflow leading to denial of service - CVE-2018-5388

Added by Phil Brutsche almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
08/03/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.3_1
Affected Architecture:
All

Description

StrongSwan 5.6.3 was been released on May 31, 2018 to address this issue.

My reading of this issue is it can be exploited "only" via local users, hence the "Normal" priority.

Sources:

https://nvd.nist.gov/vuln/detail/CVE-2018-5388
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html

Actions #1

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Resolved
  • Target version set to 2.4.4

strongSwan 5.6.3 is already in 2.4.4 snapshots.

Actions

Also available in: Atom PDF