CVE-2022-4967
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-4967
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4967.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-4967
- Downstream
- Published
- 2024-05-14T11:57:00Z
- Modified
- 2025-10-21T10:13:33.451384Z
- Severity
-
- 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).
- References
Affected packages
Git / github.com/strongswan/strongswan
Affected ranges
- Type
- GIT
- Repo
- https://github.com/strongswan/strongswan
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0
4.1.1
4.1.10
4.1.11
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.5rc1
4.3.6
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.5.3
4.6.0
4.6.1
4.6.2
4.6.3
5.*
5.0.0
5.0.1
5.0.2
5.0.2dr4
5.0.2rc1
5.0.3
5.0.3dr1
5.0.3dr2
5.0.3dr3
5.0.3rc1
5.0.4
5.1.0
5.1.0dr1
5.1.0dr2
5.1.0rc1
5.1.1
5.1.1dr1
5.1.1dr2
5.1.1dr3
5.1.1dr4
5.1.1rc1
5.1.2
5.1.2.dr2
5.1.2dr1
5.1.2dr3
5.1.2rc1
5.1.2rc2
5.1.3
5.1.3dr1
5.1.3rc1
5.2.0
5.2.0dr1
5.2.0dr2
5.2.0dr3
5.2.0dr4
5.2.0dr5
5.2.0dr6
5.2.0rc1
5.2.1
5.2.1dr1
5.2.1rc1
5.2.2
5.2.2dr1
5.2.2rc1
5.3.0
5.3.0dr1
5.3.0rc1
5.3.1
5.3.1dr1
5.3.1rc1
5.3.2
5.3.3
5.3.3dr1
5.3.3dr3
5.3.3dr4
5.3.3dr5
5.3.3dr6
5.3.3rc2
5.3.4
5.3.4dr1
5.3.4dr2
5.3.4dr3
5.3.4rc1
5.3.5
5.4.0
5.4.0dr1
5.4.0dr2
5.4.0dr3
5.4.0dr4
5.4.0dr5
5.4.0dr6
5.4.0dr7
5.4.0dr8
5.4.0rc1
5.4.1dr1
5.4.1dr2
5.4.1dr3
5.4.1dr4
5.5.0
5.5.0dr1
5.5.0rc1
5.5.1
5.5.1dr1
5.5.1dr2
5.5.1dr3
5.5.1dr4
5.5.1dr5
5.5.1rc1
5.5.1rc2
5.5.2
5.5.2dr1
5.5.2dr2
5.5.2dr3
5.5.2dr4
5.5.2dr5
5.5.2dr6
5.5.2dr7
5.5.2rc1
5.5.3
5.5.3dr1
5.5.3dr2
5.6.0
5.6.0dr1
5.6.0dr2
5.6.0dr3
5.6.0dr4
5.6.0rc1
5.6.0rc2
5.6.1
5.6.1dr1
5.6.1dr2
5.6.1dr3
5.6.1rc1
5.6.2
5.6.2dr1
5.6.2dr2
5.6.2dr3
5.6.2dr4
5.6.2rc1
5.6.3
5.6.3dr1
5.6.3dr2
5.6.3rc1
5.7.0
5.7.0dr1
5.7.0dr2
5.7.0dr3
5.7.0dr4
5.7.0dr5
5.7.0dr6
5.7.0dr8
5.7.0rc1
5.7.0rc2
5.7.1
5.7.2
5.7.2dr1
5.7.2dr2
5.7.2dr3
5.7.2dr4
5.7.2rc1
5.8.0
5.8.0dr2
5.8.0rc1
5.8.1
5.8.1dr1
5.8.1rc2
5.8.2
5.8.2dr1
5.8.2dr2
5.8.2rc1
5.8.2rc2
5.8.3
5.8.3rc1
5.8.4
5.9.0
5.9.0dr1
5.9.0dr2
5.9.0rc1
5.9.1
5.9.1dr1
5.9.1rc1
5.9.2
5.9.2dr1
5.9.2dr2
5.9.2rc1
5.9.2rc2
5.9.3
5.9.3dr1
5.9.3dr2
5.9.3dr3
5.9.3dr4
5.9.3rc1
5.9.4
5.9.4dr1
5.9.4dr2
5.9.4dr3
5.9.4rc1
5.9.5
5.9.5dr1
5.9.5dr2
5.9.5dr3
5.9.5dr4
5.9.5rc1
android-2.*
android-2.3.3
android-2.3.3-1
Database specific
vanir_signatures
[
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "send_key_exchange_encrypt",
"file": "src/libtls/tls_peer.c"
},
"id": "CVE-2022-4967-1a12fff4",
"signature_type": "Function",
"digest": {
"length": 1629.0,
"function_hash": "229327423693068019333482254977440631366"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "tls_find_public_key",
"file": "src/libtls/tls_server.c"
},
"id": "CVE-2022-4967-598d9ae1",
"signature_type": "Function",
"digest": {
"length": 585.0,
"function_hash": "40996807859007373074460075075838764263"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "process_cert_verify",
"file": "src/libtls/tls_server.c"
},
"id": "CVE-2022-4967-5eec59fb",
"signature_type": "Function",
"digest": {
"length": 812.0,
"function_hash": "10058219289210136812147994005291638990"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "process_cert_verify",
"file": "src/libtls/tls_peer.c"
},
"id": "CVE-2022-4967-97dbeaad",
"signature_type": "Function",
"digest": {
"length": 820.0,
"function_hash": "252755643761933897749899606010188678882"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "process_modp_key_exchange",
"file": "src/libtls/tls_peer.c"
},
"id": "CVE-2022-4967-b7a2fe35",
"signature_type": "Function",
"digest": {
"length": 1942.0,
"function_hash": "216694263043041037499179477589224375067"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "process_ec_key_exchange",
"file": "src/libtls/tls_peer.c"
},
"id": "CVE-2022-4967-de723e7c",
"signature_type": "Function",
"digest": {
"length": 2717.0,
"function_hash": "118434765318832376156361802437971748377"
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/libtls/tls_peer.c"
},
"id": "CVE-2022-4967-f20242b8",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"229400809894567376555921683802648030370",
"224893881739257184856010924054928237201",
"332345852565583412669789961522385218175",
"9063154467130130065658916835352025303",
"217507570939720489052883851071055495599",
"311738739724082187616704889031676639100",
"52385069922578192468510523726254989248",
"227818797753182964353371269131837265845",
"89522631616381438168524258764928273746",
"77300050891222599619603736940655119474",
"127863257509405125426456340302296568470",
"8468002517573446442019565981308043882",
"82232005207467064140640778972187898221",
"77300050891222599619603736940655119474",
"127863257509405125426456340302296568470",
"8468002517573446442019565981308043882",
"89522631616381438168524258764928273746",
"77300050891222599619603736940655119474",
"127863257509405125426456340302296568470",
"8468002517573446442019565981308043882"
]
}
},
{
"source": "https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/libtls/tls_server.c"
},
"id": "CVE-2022-4967-fecf3d0f",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"78515405905118962559508779596501436965",
"17833456349906317718900164075029167902",
"306932862811193668079133993590605667217",
"169075892614574621953335468159410888208",
"51704737262552831804433348024332176187",
"195325518392457070668088786390150896718",
"56071113674080884090147510379863010314",
"256940141627077002244184166511049376041",
"249757746048041252117052894885411958317",
"134427150802605942791448424993548135032",
"337209709849843004341933797566995272448",
"63032851982266000158574236282466886001",
"105357985101231697501845586005123878282"
]
}
}
]