The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-11-02 11:55
Updated : 2013-11-21 10:41
NVD link : CVE-2013-6075
Mitre link : CVE-2013-6075
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
strongswan
- strongswan