CVE-2022-4967

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-4967
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4967.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4967
Downstream
Published
2024-05-14T11:57:00.550Z
Modified
2026-02-06T22:02:56.174347Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

References

Affected packages

Git / github.com/strongswan/strongswan

Affected ranges

Type
GIT
Repo
https://github.com/strongswan/strongswan
Events
Fixed
e4b4aabc4996fc61c37deab7858d07bc4d220136
Introduced
87ba3a424deeab24f84777b712183f904ca9e0ac
Fixed
e4b4aabc4996fc61c37deab7858d07bc4d220136

Affected versions

5.*
5.9.2
5.9.3
5.9.3dr1
5.9.3dr2
5.9.3dr3
5.9.3dr4
5.9.3rc1
5.9.4
5.9.4dr1
5.9.4dr2
5.9.4dr3
5.9.4rc1
5.9.5
5.9.5dr1
5.9.5dr2
5.9.5dr3
5.9.5dr4
5.9.5rc1
android-2.*
android-2.3.3
android-2.3.3-1

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-1a12fff4",
        "target": {
            "file": "src/libtls/tls_peer.c",
            "function": "send_key_exchange_encrypt"
        },
        "digest": {
            "function_hash": "229327423693068019333482254977440631366",
            "length": 1629.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-598d9ae1",
        "target": {
            "file": "src/libtls/tls_server.c",
            "function": "tls_find_public_key"
        },
        "digest": {
            "function_hash": "40996807859007373074460075075838764263",
            "length": 585.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-5eec59fb",
        "target": {
            "file": "src/libtls/tls_server.c",
            "function": "process_cert_verify"
        },
        "digest": {
            "function_hash": "10058219289210136812147994005291638990",
            "length": 812.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-97dbeaad",
        "target": {
            "file": "src/libtls/tls_peer.c",
            "function": "process_cert_verify"
        },
        "digest": {
            "function_hash": "252755643761933897749899606010188678882",
            "length": 820.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-b7a2fe35",
        "target": {
            "file": "src/libtls/tls_peer.c",
            "function": "process_modp_key_exchange"
        },
        "digest": {
            "function_hash": "216694263043041037499179477589224375067",
            "length": 1942.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-de723e7c",
        "target": {
            "file": "src/libtls/tls_peer.c",
            "function": "process_ec_key_exchange"
        },
        "digest": {
            "function_hash": "118434765318832376156361802437971748377",
            "length": 2717.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-f20242b8",
        "target": {
            "file": "src/libtls/tls_peer.c"
        },
        "digest": {
            "line_hashes": [
                "229400809894567376555921683802648030370",
                "224893881739257184856010924054928237201",
                "332345852565583412669789961522385218175",
                "9063154467130130065658916835352025303",
                "217507570939720489052883851071055495599",
                "311738739724082187616704889031676639100",
                "52385069922578192468510523726254989248",
                "227818797753182964353371269131837265845",
                "89522631616381438168524258764928273746",
                "77300050891222599619603736940655119474",
                "127863257509405125426456340302296568470",
                "8468002517573446442019565981308043882",
                "82232005207467064140640778972187898221",
                "77300050891222599619603736940655119474",
                "127863257509405125426456340302296568470",
                "8468002517573446442019565981308043882",
                "89522631616381438168524258764928273746",
                "77300050891222599619603736940655119474",
                "127863257509405125426456340302296568470",
                "8468002517573446442019565981308043882"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
        "id": "CVE-2022-4967-fecf3d0f",
        "target": {
            "file": "src/libtls/tls_server.c"
        },
        "digest": {
            "line_hashes": [
                "78515405905118962559508779596501436965",
                "17833456349906317718900164075029167902",
                "306932862811193668079133993590605667217",
                "169075892614574621953335468159410888208",
                "51704737262552831804433348024332176187",
                "195325518392457070668088786390150896718",
                "56071113674080884090147510379863010314",
                "256940141627077002244184166511049376041",
                "249757746048041252117052894885411958317",
                "134427150802605942791448424993548135032",
                "337209709849843004341933797566995272448",
                "63032851982266000158574236282466886001",
                "105357985101231697501845586005123878282"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4967.json"