Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74766.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-74766
Upstream
Published
2026-01-16T19:16:18Z
Modified
2026-04-21T04:38:46.805019Z
Summary
CVE-2025-62291 affecting package strongswan for versions less than 5.9.10-4
Details

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

References

Affected packages

Azure Linux:2 / strongswan

Package

Name
strongswan
Purl
pkg:rpm/azure-linux/strongswan

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.9.10-4

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74766.json"