strongSwan: Buffer Overflow — GLSA 202507-04

A buffer overflow has been discovered in strongSwan, which can lead to remote code execution.

Affected packages

net-vpn/strongswan on all architectures
Affected versions < 5.9.13
Unaffected versions >= 5.9.13

Background

strongSwan is an open-source IPsec (IKEv1/IKEv2) implementation for Linux.

Description

A buffer overflow has been discovered in strongSwan's charon-tkm daemon. Please review the CVE identifiers referenced below for details.

Impact

A vulnerability in charon-tkm, the Trusted Key Manager (TKM) variant of the IKE daemon, was discovered in strongSwan: processing a peer-supplied Diffie-Hellman public value can overflow an internal buffer, which can result in a crash and potentially remote code execution. Because DH public values are exchanged in the initial IKE_SA_INIT exchange, before either peer is authenticated, an unauthenticated remote attacker can reach the affected code path. Only charon-tkm is affected; the standard charon daemon does not contain the vulnerable code.

Workaround

There is no known workaround at this time.

Resolution

All strongSwan users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.13"
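To verify that an installed package actually falls outside the affected range, the following POSIX shell script (an added example, not part of the GLSA or of Gentoo's tooling) compares a net-vpn/strongswan version string against the advisory's fixed version, 5.9.13. It treats a Gentoo revision suffix such as -r1 as irrelevant to the upstream version, and treats a pre-release of 5.9.13 (for example 5.9.13_rc1) as still affected, since it predates the fix. The script's own name and the use of qlist to obtain the installed version are suggestions, not something the advisory prescribes.

```shell
#!/bin/sh
# Added example, not part of GLSA 202507-04: classify a net-vpn/strongswan
# version string against the advisory's range (< 5.9.13 affected).

FIXED_VERSION="5.9.13"

# version_lt A B: succeeds (returns 0) when dotted numeric version A < B.
# Missing trailing fields count as 0, so "5.9" compares as "5.9.0".
version_lt() {
    vl_a=$1
    vl_b=$2
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_x=${vl_a%%.*}
        vl_y=${vl_b%%.*}
        if [ "$vl_x" = "$vl_a" ]; then vl_a=''; else vl_a=${vl_a#*.}; fi
        if [ "$vl_y" = "$vl_b" ]; then vl_b=''; else vl_b=${vl_b#*.}; fi
        vl_x=${vl_x:-0}
        vl_y=${vl_y:-0}
        if [ "$vl_x" -lt "$vl_y" ]; then return 0; fi
        if [ "$vl_x" -gt "$vl_y" ]; then return 1; fi
    done
    return 1
}

# strongswan_status VERSION: prints "affected" or "unaffected" for a Gentoo
# version string such as 5.9.12-r1 or 5.9.13_rc1.
strongswan_status() {
    ss_v=${1%%-r*}          # drop Gentoo revision (-rN); it does not change the upstream code
    ss_base=${ss_v%%_*}     # drop pre-release suffix (_rc1, _beta2, ...) for the numeric compare
    if version_lt "$ss_base" "$FIXED_VERSION"; then
        echo affected
    elif [ "$ss_base" = "$FIXED_VERSION" ] && [ "$ss_base" != "$ss_v" ]; then
        echo affected       # a pre-release of 5.9.13 predates the fix
    else
        echo unaffected
    fi
}

# Usage (hypothetical script name): ./glsa-202507-04-check.sh 5.9.12-r1
# The installed version can be read from: qlist -Iv net-vpn/strongswan
if [ $# -gt 0 ]; then
    printf '%s: %s\n' "$1" "$(strongswan_status "$1")"
fi
```

Run it with the version portion of the installed atom; anything reported as "affected" should be upgraded with the emerge command above, after which the check should report "unaffected".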

References

Release date
July 08, 2025

Latest revision
July 08, 2025: 1

Severity
normal

Exploitable
remote

Bugzilla entries