Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow
Vulnerability Description
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
整数下溢(超界折返)
Vulnerability Title
strongSwan 代码问题漏洞
Vulnerability Description
strongSwan是瑞士Andreas Steffen个人开发者的一套Linux平台使用的开源的基于IPsec的VPN解决方案。该方案包含X.509公开密钥证书、安全储存私钥、智能卡等认证机制。 strongSwan 6.0.5之前版本存在代码问题漏洞,该漏洞源于EAP-TTLS AVP解析器存在整数下溢,可能导致未经身份验证的远程攻击者通过发送具有无效长度字段的特制AVP数据来造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A