CVE-2021-45079

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-45079
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45079.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45079
Downstream
Related
Published
2022-01-31T08:15:07.307Z
Modified
2026-03-10T23:50:55.681180Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

References

Affected packages

Git / github.com/strongswan/strongswan

Affected ranges

Type
GIT
Repo
https://github.com/strongswan/strongswan
Events
Introduced
5fc278edf3795ce7eb2ff11195797f481ede0d77
Fixed
57d6e96943ae583367ae47e08edf1c43013f1bdc
Database specific 
{
    "versions": [
        {
            "introduced": "4.1.2"
        },
        {
            "fixed": "5.9.5"
        }
    ]
}

Affected versions

4.*
4.1.10
4.1.11
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.5rc1
4.3.6
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.5.3
4.6.0
4.6.1
4.6.2
4.6.3
5.*
5.0.0
5.0.1
5.0.2
5.0.2dr4
5.0.2rc1
5.0.3
5.0.3dr1
5.0.3dr2
5.0.3dr3
5.0.3rc1
5.0.4
5.1.0
5.1.0dr1
5.1.0dr2
5.1.0rc1
5.1.1
5.1.1dr1
5.1.1dr2
5.1.1dr3
5.1.1dr4
5.1.1rc1
5.1.2
5.1.2.dr2
5.1.2dr1
5.1.2dr3
5.1.2rc1
5.1.2rc2
5.1.3
5.1.3dr1
5.1.3rc1
5.2.0
5.2.0dr1
5.2.0dr2
5.2.0dr3
5.2.0dr4
5.2.0dr5
5.2.0dr6
5.2.0rc1
5.2.1
5.2.1dr1
5.2.1rc1
5.2.2
5.2.2dr1
5.2.2rc1
5.3.0
5.3.0dr1
5.3.0rc1
5.3.1
5.3.1dr1
5.3.1rc1
5.3.2
5.3.3
5.3.3dr1
5.3.3dr3
5.3.3dr4
5.3.3dr5
5.3.3dr6
5.3.3rc2
5.3.4
5.3.4dr1
5.3.4dr2
5.3.4dr3
5.3.4rc1
5.3.5
5.4.0
5.4.0dr1
5.4.0dr2
5.4.0dr3
5.4.0dr4
5.4.0dr5
5.4.0dr6
5.4.0dr7
5.4.0dr8
5.4.0rc1
5.4.1dr1
5.4.1dr2
5.4.1dr3
5.4.1dr4
5.5.0
5.5.0dr1
5.5.0rc1
5.5.1
5.5.1dr1
5.5.1dr2
5.5.1dr3
5.5.1dr4
5.5.1dr5
5.5.1rc1
5.5.1rc2
5.5.2
5.5.2dr1
5.5.2dr2
5.5.2dr3
5.5.2dr4
5.5.2dr5
5.5.2dr6
5.5.2dr7
5.5.2rc1
5.5.3
5.5.3dr1
5.5.3dr2
5.6.0
5.6.0dr1
5.6.0dr2
5.6.0dr3
5.6.0dr4
5.6.0rc1
5.6.0rc2
5.6.1
5.6.1dr1
5.6.1dr2
5.6.1dr3
5.6.1rc1
5.6.2
5.6.2dr1
5.6.2dr2
5.6.2dr3
5.6.2dr4
5.6.2rc1
5.6.3
5.6.3dr1
5.6.3dr2
5.6.3rc1
5.7.0
5.7.0dr1
5.7.0dr2
5.7.0dr3
5.7.0dr4
5.7.0dr5
5.7.0dr6
5.7.0dr8
5.7.0rc1
5.7.0rc2
5.7.1
5.7.2
5.7.2dr1
5.7.2dr2
5.7.2dr3
5.7.2dr4
5.7.2rc1
5.8.0
5.8.0dr2
5.8.0rc1
5.8.1
5.8.1dr1
5.8.1rc2
5.8.2
5.8.2dr1
5.8.2dr2
5.8.2rc1
5.8.2rc2
5.8.3
5.8.3rc1
5.8.4
5.9.0
5.9.0dr1
5.9.0dr2
5.9.0rc1
5.9.1
5.9.1dr1
5.9.1rc1
5.9.2
5.9.2dr1
5.9.2dr2
5.9.2rc1
5.9.2rc2
5.9.3
5.9.3dr1
5.9.3dr2
5.9.3dr3
5.9.3dr4
5.9.3rc1
5.9.4
5.9.4dr1
5.9.4dr2
5.9.4dr3
5.9.4rc1
5.9.5dr1
5.9.5dr2
5.9.5dr3
5.9.5dr4
5.9.5rc1
android-2.*
android-2.3.3
android-2.3.3-1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.10"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45079.json"