Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 920105 (CVE-2023-41913)

Summary: <net-vpn/strongswan-5.9.13: buffer overflow and potential RCE
Product: Gentoo Security Reporter: Jarkko Suominen <bugzillas>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: UNCONFIRMED ---    
Severity: major CC: kernlpanic, proxy-maint, rndxelement
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html
Whiteboard: B2 [glsa? cleanup]
Package list:
Runtime testing required: ---

Description Jarkko Suominen 2023-12-16 10:21:49 UTC 
https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected. 

Fixed in 5.9.12. Newest version in the tree is 5.9.11.