CVE-2010-2628
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2010-2628
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-2628.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2010-2628
- Published
- 2010-08-20T18:00:02Z
- Modified
- 2024-11-21T01:17:02Z
- Summary
- [none]
- Details
-
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
- References
-
- http://secunia.com/advisories/40956
- http://www.vupen.com/english/advisories/2010/2085
- http://www.vupen.com/english/advisories/2010/2086
- https://lists.strongswan.org/pipermail/users/2010-August/005167.html
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch
- http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch
- http://www.securityfocus.com/bid/42444
- https://bugzilla.novell.com/615915
- http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html
- http://trac.strongswan.org/projects/strongswan/wiki/441
- http://www.securitytracker.com/id?1024338
- https://security-tracker.debian.org/tracker/CVE-2010-2628
Affected packages
Debian:11 / strongswan
Package
- Name
- strongswan
- Purl
- pkg:deb/debian/strongswan?arch=source
Debian:12 / strongswan
Package
- Name
- strongswan
- Purl
- pkg:deb/debian/strongswan?arch=source
Debian:13 / strongswan
Package
- Name
- strongswan
- Purl
- pkg:deb/debian/strongswan?arch=source