Debian Security Bug Tracker - DEBIANCVE:CVE-2022-40617
History: Oct 31, 2022 - 6:15 a.m.

CVE-2022-40617

2022-10-31 06:15:09
Debian Security Bug Tracker
security-tracker.debian.org
Tags: cve-2022-40617, strongswan, denial of service, revocation plugin, certificate, crl, ocsp, url, remote attack, tcp handshake, application data, unix

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.002
Percentile: 55.0%

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker’s control) that doesn’t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
