The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Strongswan | Strongswan | 4.2.10 (including) | 5.9.4 (excluding) |
Strongswan | Ubuntu | bionic | * |
Strongswan | Ubuntu | devel | * |
Strongswan | Ubuntu | esm-infra/xenial | * |
Strongswan | Ubuntu | fips-preview/jammy | * |
Strongswan | Ubuntu | fips-updates/bionic | * |
Strongswan | Ubuntu | fips-updates/focal | * |
Strongswan | Ubuntu | fips-updates/jammy | * |
Strongswan | Ubuntu | fips-updates/xenial | * |
Strongswan | Ubuntu | fips/bionic | * |
Strongswan | Ubuntu | fips/focal | * |
Strongswan | Ubuntu | fips/xenial | * |
Strongswan | Ubuntu | focal | * |
Strongswan | Ubuntu | hirsute | * |
Strongswan | Ubuntu | impish | * |
Strongswan | Ubuntu | jammy | * |
Strongswan | Ubuntu | kinetic | * |
Strongswan | Ubuntu | lunar | * |
Strongswan | Ubuntu | mantic | * |
Strongswan | Ubuntu | noble | * |
Strongswan | Ubuntu | oracular | * |
Strongswan | Ubuntu | trusty | * |
Strongswan | Ubuntu | trusty/esm | * |
Strongswan | Ubuntu | xenial | * |