strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Jul 2023, 00:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Stormshield stormshield Network Security
Stormshield |
|
CPE | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
27 Jan 2023, 19:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Fedoraproject fedora |
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2022, 14:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-400 | |
First Time |
Strongswan
Debian debian Linux Debian Strongswan strongswan Canonical ubuntu Linux Canonical |
|
References | (CONFIRM) https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:* |
31 Oct 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-31 06:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40617
Mitre link : CVE-2022-40617
CVE.ORG link : CVE-2022-40617
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
fedoraproject
- fedora
stormshield
- stormshield_network_security
strongswan
- strongswan
CWE
CWE-400
Uncontrolled Resource Consumption