Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Related bugs and status

CVE-2022-40617 (Candidate) is related to these bugs:

Bug #1997197: [Debian] CVE: CVE-2022-40617: strongswan: remote attackers to cause a denial of service

Summary				In	Importance	Status
	1997197	[Debian] CVE: CVE-2022-40617: strongswan: remote attackers to cause a denial of service		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.strongswan...
FEDORA: FEDORA-2022-525510c815