strongSwan is vulnerable to denial of service. The vulnerability exists because strongSwan incorrectly handles certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker can initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which leads to an application crash.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-40617
lists.fedoraproject.org/archives/list/[email protected]/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/
www.rapid7.com/db/vulnerabilities/ubuntu-cve-2022-40617/
www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html