Bug 878887 (CVE-2022-40617) - <net-vpn/strongswan-5.9.8: DoS via revocation pointing to attacker server
Summary: <net-vpn/strongswan-5.9.8: DoS via revocation pointing to attacker server
Alias: CVE-2022-40617
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa?]
Depends on: 884213
Reported: 2022-10-31 14:16 UTC by John Helmert III
Modified: 2023-01-06 17:45 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 14:16:52 UTC

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Please remember to file security bugs for your packages! Please stabilize when ready.
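
The two peer behaviours named in the description (silence after the handshake, and an excessive amount of data) are the cases a revocation fetch has to bound. The sketch below is an added illustration, not strongSwan's code and not its 5.9.8 fix: `bounded_fetch`, `FetchError`, `_peer` and `outcome` are hypothetical names, and the loopback peer is constructed test scaffolding.

```python
import socket, threading, time

class FetchError(Exception):
    """Raised when the peer exceeds the time or size budget."""

def bounded_fetch(host, port, request, max_bytes=65536, deadline_s=2.0):
    # One deadline for the whole exchange, not a per-recv timeout that a
    # peer could reset by trickling a byte at a time.
    end = time.monotonic() + deadline_s
    body = bytearray()
    with socket.create_connection((host, port), timeout=deadline_s) as s:
        s.sendall(request)
        while True:
            remaining = end - time.monotonic()
            if remaining <= 0:
                raise FetchError("deadline exceeded")
            s.settimeout(remaining)
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                raise FetchError("deadline exceeded")
            if not chunk:              # peer closed: response complete
                return bytes(body)
            body += chunk
            if len(body) > max_bytes:  # stop buffering oversized replies
                raise FetchError("response too large")

def _peer(behaviour):
    # Constructed loopback peer standing in for the server behind the URL.
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            try:
                conn.recv(1024)
                if behaviour == "silent":
                    time.sleep(3)
                while behaviour == "flood":
                    conn.sendall(b"A" * 4096)
                conn.sendall(b"ok")
            except OSError:
                pass                   # client hung up first
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def outcome(behaviour, **limits):
    try:
        return bounded_fetch("127.0.0.1", _peer(behaviour), b"GET /crl\r\n", **limits)
    except FetchError as exc:
        return str(exc)
```

In both failure cases the caller gets an error within its budget instead of a worker that stays blocked on the fetch.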
Comment 1 Larry the Git Cow gentoo-dev 2023-01-06 17:45:38 UTC
The bug has been referenced in the following commit(s):

commit 7387260e58f7f39705fa2c03024201eee834e8e9
Author:     John Helmert III <>
AuthorDate: 2023-01-06 17:43:24 +0000
Commit:     John Helmert III <>
CommitDate: 2023-01-06 17:43:34 +0000

    net-vpn/strongswan: drop 5.9.6-r1, 5.9.7
    Signed-off-by: John Helmert III <>

 net-vpn/strongswan/Manifest                        |   2 -
 .../files/strongswan-5.9.6-werror-security.patch   |  20 --
 net-vpn/strongswan/strongswan-5.9.6-r1.ebuild      | 322 ---------------------
 net-vpn/strongswan/strongswan-5.9.7.ebuild         | 318 --------------------
 4 files changed, 662 deletions(-)