FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
ccaea96b-7dcd-11ec-93df-00224d821998	strongswan - Incorrect Handling of Early EAP-Success Messages Strongswan Release Notes reports: Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079. Discovery 2021-12-16 Entry 2022-01-25 strongswan < 5.9.5 CVE-2021-45079 https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
58528a94-5100-4208-a04d-edc01598cf01	strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability in the in-memory certificate cache if certificates are replaced and a very large random value caused an integer overflow. This vulnerability has been registered as CVE-2021-41991. Discovery 2021-10-04 Entry 2022-01-25 strongswan < 5.9.4 CVE-2021-41990 CVE-2021-41991 https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
0ae56f3e-488c-11ed-bb31-b42e99a1b9c3	strongswan -- DOS attack vulnerability Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack . Discovery 2022-10-03 Entry 2022-10-10 strongswan < 5.9.8 CVE-2022-40617 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617

VuXML ID

Description

ccaea96b-7dcd-11ec-93df-00224d821998

strongswan - Incorrect Handling of Early EAP-Success Messages

Strongswan Release Notes reports:

Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079.

Discovery 2021-12-16
Entry 2022-01-25
strongswan

< 5.9.5

CVE-2021-45079
https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html

58528a94-5100-4208-a04d-edc01598cf01

strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache

Strongswan Release Notes reports:

Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990.

Fixed a denial-of-service vulnerability in the in-memory certificate cache if certificates are replaced and a very large random value caused an integer overflow. This vulnerability has been registered as CVE-2021-41991.

Discovery 2021-10-04
Entry 2022-01-25
strongswan

< 5.9.4

CVE-2021-41990
CVE-2021-41991
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

0ae56f3e-488c-11ed-bb31-b42e99a1b9c3

strongswan -- DOS attack vulnerability

Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack

.

Discovery 2022-10-03
Entry 2022-10-10
strongswan

< 5.9.8

CVE-2022-40617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617