CVE-2023-41913

Source: ubuntucve (Ubuntu.com), record UB:CVE-2023-41913
Published: Nov 20, 2023 00:00
Reporter: ubuntu.com

Tags: cve-2023-41913, strongswan, buffer overflow, remote code execution, dh public value, charon-tkm, ike_sa_init message, vulnerability, security issue

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.7%)

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated
remote code execution via a DH public value that exceeds the internal
buffer in charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An
attack can occur via a crafted IKE_SA_INIT message.

Notes

Author Note
mdeslaur: After the USN was published, it was discovered that the Ubuntu packages aren’t built with --enable-tkm, so the vulnerable code isn’t built at all. If this is enabled in the future, the jammy and earlier patches (including esm) need to be fixed to use diffie_hellman_verify_value() instead of key_exchange_verify_pubkey() for those older versions. Marking remaining releases as “not-affected”.
Affected packages

OS      Version  Architecture  Package     Version                   Filename
ubuntu  18.04    noarch        strongswan  < 5.6.2-1ubuntu2.9+esm1   UNKNOWN
ubuntu  20.04    noarch        strongswan  < 5.8.2-1ubuntu3.6        UNKNOWN
ubuntu  22.04    noarch        strongswan  < 5.9.5-2ubuntu2.2        UNKNOWN
ubuntu  23.04    noarch        strongswan  < 5.9.8-3ubuntu4.1        UNKNOWN
ubuntu  23.10    noarch        strongswan  < 5.9.11-1ubuntu1.1       UNKNOWN
ubuntu  16.04    noarch        strongswan  < 5.3.5-1ubuntu3.8+esm4   UNKNOWN
