CVE-2026-25075 in strongSwanالمعلومات

الملخص

بحسب MITRE • 23/03/2026

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulnCheck

حجز

28/01/2026

إفشاء

23/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-352574

CPE

جاهز

CWE

CWE-191 (مؤكد)

CVSS

7.5 (CNA)

EPSS

0.00248

KEV

لا

النشاطات

منخفض جدًا

القطاع

Homeoffice, Agriculture, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25075
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25075
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25075/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!