Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 920105 (CVE-2023-41913)

Summary: <net-vpn/strongswan-5.9.13: buffer overflow and potential RCE
Product: Gentoo Security Reporter: Jarkko Suominen <bugzillas>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: UNCONFIRMED ---    
Severity: major CC: ajak, kernlpanic, proxy-maint, rndxelement
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 926852    
Bug Blocks:    

Description Jarkko Suominen 2023-12-16 10:21:49 UTC 
https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected. 

Fixed in 5.9.12. Newest version in the tree is 5.9.11.
Comment 1 Larry the Git Cow gentoo-dev 2024-07-06 04:58:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=341486cf27f6090c2ac643374be6bb20cfec1f35

commit 341486cf27f6090c2ac643374be6bb20cfec1f35
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2024-07-06 04:57:23 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-07-06 04:58:37 +0000

    net-vpn/strongswan: drop 5.9.11
    
    Bug: https://bugs.gentoo.org/920105
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-vpn/strongswan/Manifest                 |   1 -
 net-vpn/strongswan/strongswan-5.9.11.ebuild | 318 ----------------------------
 2 files changed, 319 deletions(-)