Launchpad CVE tracker

CVE 2023-41913

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

Related bugs and status

CVE-2023-41913 (Candidate) is related to these bugs:

Bug #2040430: Merge strongswan from Debian unstable for noble

Summary				In	Importance	Status
	2040430	Merge strongswan from Debian unstable for noble		strongswan (Ubuntu)	Undecided	Fix Released

Bug #2044204: [Debian] Critical CVE: CVE-2023-41913 strongswan: potential buffer overflow

Summary				In	Importance	Status
	2044204	[Debian] Critical CVE: CVE-2023-41913 strongswan: potential buffer overflow		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.strongswan...
MISC: https://github.com/str...

Launchpad.net

CVE 2023-41913

Related bugs and status

Related bugs

References