threat
engine
.sh
Back
·
··:··
Home
/
Product
/
strongswan
Product
strongswan
38 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-25998
all versions
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (priva
7.5
HIGH
CVE-2022-4967
>= 5.9.2 and < 5.9.6
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host
7.7
HIGH
CVE-2023-41913
>= 5.3.0 and < 5.9.12
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that excee
9.8
CRITICAL
CVE-2023-26463
all versions
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different pu
9.8
CRITICAL
CVE-2022-40617
< 5.9.8
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-ent
7.5
HIGH
CVE-2021-45079
>= 4.1.2 and < 5.9.5
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the cl
9.1
CRITICAL
CVE-2021-41991
>= 4.2.10 and < 5.9.4
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with differe
7.5
HIGH
CVE-2021-41990
>= 5.6.1 and < 5.9.4
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. Fo
7.5
HIGH
CVE-2019-10155
< 5.0.0
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and
3.1
LOW
CVE-2018-17540
< 5.7.1
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
7.5
HIGH
CVE-2018-16152
>= 4.0.0 and <= 4.6.4
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA impleme
7.5
HIGH
CVE-2018-16151
>= 4.0.0 and <= 4.6.4
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA impleme
7.5
HIGH
CVE-2018-10811
>= 5.0.1 and < 5.6.3
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
7.5
HIGH
CVE-2018-5388
< 5.6.3
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to res
6.5
MEDIUM
CVE-2018-6459
all versions
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers
5.3
MEDIUM
CVE-2015-3991
all versions
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
9.8
CRITICAL
CVE-2017-11185
<= 5.5.3
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemo
7.5
HIGH
CVE-2017-9023
<= 5.5.2
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote a
7.5
HIGH
CVE-2017-9022
<= 5.5.2
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows rem
7.5
HIGH
CVE-2015-8023
all versions
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 do
CVE-2015-4171
all versions
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authentica
CVE-2014-9221
all versions
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via
CVE-2014-2891
<= 5.1.1
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a
CVE-2014-2338
all versions
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiatio
CVE-2013-6076
all versions
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon cr
CVE-2013-6075
all versions
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial
CVE-2013-5018
all versions
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, w
CVE-2013-2054
all versions
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key i
CVE-2013-2944
all versions
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authent
CVE-2012-2388
all versions
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RS
CVE-2010-2628
all versions
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls
CVE-2009-2661
all versions
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 c
CVE-2009-2185
all versions
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10,
CVE-2009-1958
<= 4.2.9
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads,
CVE-2009-1957
<= 4.3.0
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL poin
CVE-2009-0790
all versions
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 an
CVE-2008-4551
<= 4.2.6
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a
CVE-2004-0590
<= 2.1.2
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin