CVE-2013-6075

EPSS 0.23%

strongswan - Denial of service and authorization bypass

發布日:2013/11/2修改日:2026/4/28

也稱為:DEBIAN-CVE-2013-6075

描述

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

受影響套件(2)

Debian/strongswanfrom 0, < 5.1.0-3
Debian/strongswanfrom 0, < 4.4.1-5.4

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-6075