6 vulnerabilities found for strongswan by strongswan
CVE-2025-62291 (GCVE-0-2025-62291)
Vulnerability from cvelistv5 – Published: 2026-01-16 00:00 – Updated: 2026-01-16 19:07
Summary
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
Severity
8.1 (High)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| strongSwan | strongSwan | Affected: 4.2.12, < 6.0.3 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T18:50:33.538280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:51:12.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-16T19:07:43.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "strongSwan",
"vendor": "strongSwan",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "4.2.12",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "4.2.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:23:50.089Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"url": "https://github.com/strongswan/strongswan/commits/master/src/libcharon/plugins/eap_mschapv2"
},
{
"url": "https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-62291",
"datePublished": "2026-01-16T00:00:00.000Z",
"dateReserved": "2025-10-10T00:00:00.000Z",
"dateUpdated": "2026-01-16T19:07:43.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4967 (GCVE-0-2022-4967)
Vulnerability from cvelistv5 – Published: 2024-05-13 12:09 – Updated: 2025-02-13 16:38
Summary
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).
Severity
7.7 (High)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| strongSwan | strongSwan | Affected: 5.9.2, < 5.9.6 (semver) |
Credits
Jan Schermer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:10:42.421746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:33.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "strongswan",
"platforms": [
"Linux"
],
"product": "strongSwan",
"repo": "https://github.com/strongswan/strongswan",
"vendor": "strongSwan",
"versions": [
{
"lessThan": "5.9.6",
"status": "affected",
"version": "5.9.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jan Schermer"
}
],
"descriptions": [
{
"lang": "en",
"value": "strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client\u0027s certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-297",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T13:06:08.293Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4967"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240614-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-4967",
"datePublished": "2024-05-13T12:09:19.104Z",
"dateReserved": "2024-04-19T18:02:23.578Z",
"dateUpdated": "2025-02-13T16:38:39.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5389 (GCVE-0-2018-5389)
Vulnerability from cvelistv5 – Published: 2018-09-06 21:00 – Updated: 2024-08-05 05:33
Title
CVE-2018-5389
Summary
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| strongSwan | Strongswan | Affected: 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/857035"
},
{
"tags": [
"x_transferred"
],
"url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K42378447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Strongswan",
"vendor": "strongSwan",
"versions": [
{
"status": "affected",
"version": "5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-521 Weak Password Requirements",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T19:08:15.699Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/857035"
},
{
"url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html"
},
{
"url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"
},
{
"url": "https://my.f5.com/manage/s/article/K42378447"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2018-5389",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2018-5389"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5389",
"datePublished": "2018-09-06T21:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5388 (GCVE-0-2018-5388)
Vulnerability from cvelistv5 – Published: 2018-05-31 00:00 – Updated: 2024-08-05 05:33
Summary
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Severity
No CVSS data available.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| strongSwan | strongSwan | Affected: 5.6.3, < 5.6.3 (custom) |
Credits
Thanks to Kevin Backhouse for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#338343",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"name": "104263",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "strongSwan",
"vendor": "strongSwan",
"versions": [
{
"lessThan": "5.6.3",
"status": "affected",
"version": "5.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Kevin Backhouse for reporting this vulnerability."
}
],
"datePublic": "2018-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#338343",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/338343"
},
{
"name": "GLSA-201811-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"
},
{
"name": "104263",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/104263"
},
{
"name": "USN-3771-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"name": "DSA-4229",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"name": "openSUSE-SU-2019:2594",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"name": "openSUSE-SU-2019:2598",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"name": "openSUSE-SU-2020:0403",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5388",
"datePublished": "2018-05-31T00:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1109
Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15
A vulnerability has been discovered in StrongSwan. It allows an attacker to bypass the security policy.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Security patches are made available by the vendor for certain versions of strongSwan and NetworkManager-strongswan; refer to the vendor advisory.
Impacted products
| Vendor | Product | Description |
|---|---|---|
| StrongSwan | strongSwan | strongSwan versions later than 4.x and earlier than 6.0.4 |
| StrongSwan | strongSwan | NetworkManager-strongswan plugin versions earlier than 1.6.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "strongSwan versions post\u00e9rieures \u00e0 4.x et ant\u00e9rieures \u00e0 6.0.4",
"product": {
"name": "strongSwan",
"vendor": {
"name": "StrongSwan",
"scada": false
}
}
},
{
"description": "greffon NetworkManager-strongswan versions ant\u00e9rieures \u00e0 1.6.4",
"product": {
"name": "strongSwan",
"vendor": {
"name": "StrongSwan",
"scada": false
}
}
}
],
"affected_systems_content": "Des correctifs de s\u00e9curit\u00e9 sont mis \u00e0 disposition par l\u0027\u00e9diteur pour certaines versions de strongSwan et NetworkManager-strongswan, se r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9615"
}
],
"initial_release_date": "2025-12-15T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StrongSwan. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans strongSwan",
"vendor_advisories": [
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 StrongSwan cve-2025-9615",
"url": "https://www.strongswan.org//blog/2025/12/12/strongswan-vulnerability-(cve-2025-9615).html"
}
]
}
CERTFR-2025-AVI-0931
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
A vulnerability has been discovered in StrongSwan. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| StrongSwan | strongSwan | strongSwan versions earlier than 6.0.3 with the eap-mschapv2 plugin |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "strongSwan versions ant\u00e9rieures \u00e0 6.0.3 avec le Greffon eap-mschapv2",
"product": {
"name": "strongSwan",
"vendor": {
"name": "StrongSwan",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62291"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0931",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StrongSwan. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans StrongSwan",
"vendor_advisories": [
{
"published_at": "2025-10-27",
"title": "Bulletin de s\u00e9curit\u00e9 StrongSwan cve-2025-62291",
"url": "https://www.strongswan.org//blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html"
}
]
}