The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:50
Updated: 2022-10-03T16:14:50
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-6075
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-11-02T18:55:03.283
Modified: 2013-11-21T18:41:18.297
Link: CVE-2013-6075
JSON object: View
Redhat Information
No data.
CWE