CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-41913

CVSS 9.8v3.1pub. 2023-12-07upd. 2025-12-18

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

🤖 AI Analysis
How it works

The attacker sends a crafted IKE_SA_INIT message containing a DH (Diffie-Hellman) public value whose size exceeds the capacity of the internal buffer in the DH proxy module of the charon-tkm component. The lack of proper input size validation (CWE-120 — buffer overflow) causes buffer overflow. Since the attack occurs at the IKE session establishment stage, before any authentication, the exploit is possible for an anonymous network attacker.

Impact

Successful exploitation of the vulnerability may allow an attacker to remotely execute arbitrary code (RCE) on the vulnerable system without authentication, potentially resulting in complete device takeover and violation of data confidentiality, integrity, and availability.

Mitigation & patch

strongSwan should be updated to version 5.9.12 or newer. Patch packages are also available for Fedora and Debian distributions (including Debian LTS). Details are available on the official strongSwan blog and in release repositories on GitHub.

Who is affected

strongSwan in versions 5.3.0 to 5.9.11 (inclusive), only configurations using the charon-tkm component (TKM — Trusted Key Manager) with DH proxy enabled.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Strongswan

    APP
    Strongswan
    5.3.0 – 5.9.12 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-26463CRITICAL9.8ten sam produkt

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" ...

CVE-2021-45079CRITICAL9.1ten sam produkt

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually a...

CVE-2015-3991CRITICAL9.8ten sam produkt

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbi...

CVE-2022-4967HIGH7.7ten sam produkt

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of ce...

CVE-2022-40617HIGH7.5ten sam produkt

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sendi...