CVE-2023-41913

Name
CVE-2023-41913
Description
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/strongswan/strongswan/releases
cve@mitre.org https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:* strongswan >= 5.3.0 < 5.9.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
strongswan 3.19-main 5.9.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
strongswan 3.16-main 5.9.5-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
strongswan 3.18-main 5.9.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
strongswan 3.17-main 5.9.12-r0 Natanael Copa <ncopa@alpinelinux.org> fixed