[3.7] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)
ID: oval:org.secpod.oval:def:1801005 | Date: (C)2018-06-18 (M)2023-11-10 |
Class: PATCH | Family: unix |
A flaw was found in strongSwan VPN's charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow an integer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials may be able to overflow the buffer and cause a denial of service.
Fixed In Version: strongswan 5.6.3
Platform: Alpine Linux 3.7 |