{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-5388", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "dateUpdated": "2024-08-05T05:33:44.315Z", "dateReserved": "2018-01-12T00:00:00", "datePublished": "2018-05-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."}], "affected": [{"vendor": "strongSwan", "product": "strongSwan", "versions": [{"version": "5.6.3", "status": "affected", "lessThan": "5.6.3", "versionType": "custom"}]}], "references": [{"name": "VU#338343", "tags": ["third-party-advisory"], "url": "http://www.kb.cert.org/vuls/id/338343"}, {"name": "GLSA-201811-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201811-16"}, {"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"}, {"name": "104263", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/104263"}, {"name": "USN-3771-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3771-1/"}, {"name": "DSA-4229", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2018/dsa-4229"}, {"name": "openSUSE-SU-2019:2594", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"}, {"name": "openSUSE-SU-2019:2598", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"}, {"name": "openSUSE-SU-2020:0403", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"}, {"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"}], "credits": [{"lang": "en", "value": "Thanks to Kevin Backhouse for reporting this vulnerability."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-124", "cweId": "CWE-124"}]}], "source": {"discovery": "UNKNOWN"}, "datePublic": "2018-05-22T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.315Z"}, "title": "CVE Program Container", "references": [{"name": "VU#338343", "tags": ["third-party-advisory", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/338343"}, {"name": "GLSA-201811-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/201811-16"}, {"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4", "tags": ["x_transferred"]}, {"name": "104263", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/104263"}, {"name": "USN-3771-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/3771-1/"}, {"name": "DSA-4229", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4229"}, {"name": "openSUSE-SU-2019:2594", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"}, {"name": "openSUSE-SU-2019:2598", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"}, {"name": "openSUSE-SU-2020:0403", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"}, {"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8602ED39-DA1E-487C-B509-E3546D48728C", "versionEndExcluding": "5.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."}, {"lang": "es", "value": "En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podr\u00eda permitir un desbordamiento del b\u00fafer, lo que puede conducir al agotamiento del recurso y a la denegaci\u00f3n de servicio mientras se lee desde el socket."}], "id": "CVE-2018-5388", "lastModified": "2023-11-07T02:58:42.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T13:29:00.220", "references": [{"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"}, {"source": "cret@cert.org", "url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/338343"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104263"}, {"source": "cret@cert.org", "url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201811-16"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3771-1/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4229"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-124"}], "source": "cret@cert.org", "type": "Secondary"}]}

{"bugzilla": {"description": "strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c", "id": "1581867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581867"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190->CWE-119", "details": ["In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.", "An integer underflow has been discovered in strongSwan VPN's charon server, which could lead to a buffer overflow and consequent crash. A local attacker, with enough privileges to access the Unix Domain Socket /var/run/charon.ctl, could use this vulnerability to crash the charon server."], "mitigation": {"lang": "en:us", "value": "On Red Hat Enterprise Linux 7 only root has access to /var/run/charon.ctl so you need to be already root to exploit the vulnerability."}, "name": "CVE-2018-5388", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "strongimcv", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2018-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-5388\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5388"], "threat_severity": "Moderate", "upstream_fix": "strongswan 5.6.3"}