View | Details | Raw Unified | Return to bug 261462 | Differences between
and this patch

Collapse All | Expand All

(-)b/security/vuxml/vuln-2022.xml (+26 lines)
Lines 1-3 Link Here
1 
  <vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998">
2 
    <topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic>
3 
    <affects>
4 
      <package>
5 
	<name>strongswan</name>
6 
	<range><lt>5.9.5</lt></range>
7 
      </package>
8 
    </affects>
9 
    <description>
10 
      <body xmlns="http://www.w3.org/1999/xhtml">
11 
	<p>Strongswan Release Notes reports:</p>
12 
	<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.5">
13 
	  <p>Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079.</p>
14 
	</blockquote>
15 
      </body>
16 
    </description>
17 
    <references>
18 
      <cvename>CVE-2021-45079</cvename>
19 
      <url>https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html</url>
20 
    </references>
21 
    <dates>
22 
      <discovery>2021-12-16</discovery>
23 
      <entry>2022-01-25</entry>
24 
    </dates>
25 
  </vuln>
26 

            

        

          1
          
  <vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317">

          27
          
  <vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317">

        

        

          2
          
    <topic>aide -- heap-based buffer overflow</topic>

          28
          
    <topic>aide -- heap-based buffer overflow</topic>

        

        

          3
          
    <affects>

          29
          
    <affects>

        






  

  Return to bug 261462