CVE-2014-2338

EPSS 0.32%

strongswan - security update

Published: 4/16/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-2338

Description

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

Affected packages (2)

Debian/strongswanfrom 0, < 5.1.2-4
Debian/strongswanfrom 0, < 4.4.1-5.5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2338