Project

General

Profile

Bug #8746

StrongSwan 4.4.0 -> 5.6.2 buffer underflow leading to denial of service - CVE-2018-5388

Added by Phil Brutsche 8 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
08/03/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.3_1
Affected Architecture:
All

Description

StrongSwan 5.6.3 was been released on May 31, 2018 to address this issue.

My reading of this issue is it can be exploited "only" via local users, hence the "Normal" priority.

Sources:

https://nvd.nist.gov/vuln/detail/CVE-2018-5388
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html

History

#1 Updated by Jim Pingle 8 months ago

  • Status changed from New to Resolved
  • Target version set to 2.4.4

strongSwan 5.6.3 is already in 2.4.4 snapshots.

Also available in: Atom PDF