Vulnerability Monitor


CVE-2023-26463


strongSwan 5.9.8 and 5.9.9 may allow remote code execution because one function uses a single variable named "public" for two different purposes. The consequence is first incorrect access control (a certificate that has no trust anchor can get past the trust check) and then a dereference of an expired pointer. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC); servers that do not load any of these plugins are not exposed. Fixed in strongSwan 5.9.10.
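To make the failure mode concrete, the following is an added, constructed illustration of the variable-reuse pattern the advisory describes; it is not strongSwan's code, and the types (cert_t, public_key_t), the helpers (find_trusted_key, key_new, key_destroy) and the control flow are assumptions chosen to show the mechanism. One pointer variable first holds the result of a trust lookup on the leaf certificate and is then reused as the per-certificate temporary while walking the chain. After the loop the variable is non-NULL regardless of trust (the access-control error) and points at an object the loop already destroyed (the expired pointer). The corrected variant keeps the two purposes in two variables. Key objects live in a small pool with an "alive" flag rather than being free()d, so the stale read is observable deterministically instead of being undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed certificate model: a subject plus whether a trust anchor for it
 * exists in the store. Assumed type, not strongSwan's. */
typedef struct {
    const char *subject;
    bool        trusted_by_anchor;
} cert_t;

/* Public-key object with an explicit lifetime flag. Real code would free()
 * the object; the flag stands in for that so the stale read can be observed. */
typedef struct {
    const char *subject;
    bool        alive;
} public_key_t;

#define KEY_POOL 16
static public_key_t key_pool[KEY_POOL];
static size_t key_pool_used;

static public_key_t *key_new(const char *subject)
{
    public_key_t *k = &key_pool[key_pool_used++ % KEY_POOL];
    k->subject = subject;
    k->alive = true;
    return k;
}

static void key_destroy(public_key_t *k)
{
    k->alive = false; /* models free(): the pointer is now expired */
}

/* Trust lookup (assumed helper): a key only if a trust anchor covers the leaf. */
static public_key_t *find_trusted_key(const cert_t *leaf)
{
    return leaf->trusted_by_anchor ? key_new(leaf->subject) : NULL;
}

/* Outcome bits returned by both variants. */
enum {
    PASSED_TRUST_CHECK = 1, /* the "do we have a trusted key?" gate was passed */
    READ_EXPIRED_KEY   = 2  /* the key object read after the gate had been destroyed */
};

/* Vulnerable shape: "public" holds the trust-lookup result, then is reused
 * as the loop temporary, which clobbers the original value. */
int process_chain_vulnerable(const cert_t *chain, size_t n)
{
    int result = 0;
    if (n == 0)
        return result;

    public_key_t *public = find_trusted_key(&chain[0]);   /* purpose 1 */

    for (size_t i = 0; i < n; i++) {
        public = key_new(chain[i].subject);   /* purpose 2: trust result is lost */
        /* ... signature checks with this key would go here ... */
        key_destroy(public);                  /* destroyed, pointer kept */
    }

    /* Gate: non-NULL for every non-empty chain, trusted or not. */
    if (public == NULL)
        return result;                        /* reject */
    result |= PASSED_TRUST_CHECK;
    if (!public->alive)                       /* reads the destroyed loop key */
        result |= READ_EXPIRED_KEY;
    return result;
}

/* Corrected shape: one variable per purpose, each with its own lifetime. */
int process_chain_fixed(const cert_t *chain, size_t n)
{
    int result = 0;
    if (n == 0)
        return result;

    public_key_t *trusted = find_trusted_key(&chain[0]);

    for (size_t i = 0; i < n; i++) {
        public_key_t *key = key_new(chain[i].subject);
        /* ... signature checks with key ... */
        key_destroy(key);
    }

    if (trusted == NULL)
        return result;                        /* reject: no trust anchor */
    result |= PASSED_TRUST_CHECK;
    if (!trusted->alive)
        result |= READ_EXPIRED_KEY;           /* never set: the loop did not touch "trusted" */
    key_destroy(trusted);
    return result;
}

/* Constructed sample chains: an attacker-supplied chain with no anchor, and a legitimate one. */
static const cert_t untrusted_chain[] = { { "CN=attacker-client", false }, { "CN=attacker-ca", false } };
static const cert_t trusted_chain[]   = { { "CN=legit-client", true },     { "CN=corp-ca", true } };

int main(void)
{
    printf("vulnerable, untrusted chain: %d\n", process_chain_vulnerable(untrusted_chain, 2)); /* 3 */
    printf("fixed, untrusted chain:      %d\n", process_chain_fixed(untrusted_chain, 2));      /* 0 */
    printf("fixed, trusted chain:        %d\n", process_chain_fixed(trusted_chain, 2));        /* 1 */
    return 0;
}
```

The vulnerable variant returns 3 for the attacker's chain: it passed the trust gate it should have failed, and the object it then read had already been destroyed. It returns 3 for the legitimate chain as well, because the lookup result is overwritten before it is ever used, which is why the bug is a correctness problem for every chain and not only a bypass for untrusted ones.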


Published

2023-04-15T00:15:07.487

Last Modified

2025-02-07T22:15:12.097

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-295 (Improper Certificate Validation)
    CWE-476 (NULL Pointer Dereference)
  • Type: Secondary
    CWE-295 (Improper Certificate Validation)
    CWE-476 (NULL Pointer Dereference)

Affected Vendors & Products

Type         Vendor       Product      Version/Range   Vulnerable?
Application  strongswan   strongswan   5.9.8           Yes
Application  strongswan   strongswan   5.9.9           Yes

References