CVE-2013-6075

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.5.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-11-02 18:55

Updated : 2024-02-04 18:16


NVD link : CVE-2013-6075

Mitre link : CVE-2013-6075

CVE.ORG link : CVE-2013-6075


JSON object : View

Products Affected

strongswan

  • strongswan
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer