Vulnerability Description
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strongswan | Strongswan | < 5.9.8 |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 37 |
| Stormshield | Stormshield Network Security | >= 3.11.1, < 3.11.20 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-
FAQ
What is CVE-2022-40617?
CVE-2022-40617 is a vulnerability with a CVSS score of 7.5 (HIGH). strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL tha...
How severe is CVE-2022-40617?
CVE-2022-40617 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS score above for the severity rating.
Is there a patch for CVE-2022-40617?
Check the references section above for vendor advisories and patch information. Affected products include strongSwan (before 5.9.8), Canonical Ubuntu Linux, Debian Linux, Fedora and Stormshield Network Security.