CVE-2018-5388 - OpenCVE

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Strongswan	Strongswan

Configuration 1 [-]

cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html
http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html
http://www.kb.cert.org/vuls/id/338343	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/104263	Third Party Advisory VDB Entry
https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4
https://security.gentoo.org/glsa/201811-16	Third Party Advisory
https://usn.ubuntu.com/3771-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4229	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2018-05-31T00:00:00

Updated: 2023-06-12T00:00:00

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5388

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-31T13:29:00.220

Modified: 2023-11-07T02:58:42.300

Link: CVE-2018-5388

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-5388", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "dateUpdated": "2023-06-12T00:00:00", "dateReserved": "2018-01-12T00:00:00", "datePublished": "2018-05-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."}], "affected": [{"vendor": "strongSwan", "product": "strongSwan", "versions": [{"version": "5.6.3", "status": "affected", "lessThan": "5.6.3", "versionType": "custom"}]}], "references": [{"name": "VU#338343", "tags": ["third-party-advisory"], "url": "http://www.kb.cert.org/vuls/id/338343"}, {"name": "GLSA-201811-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/201811-16"}, {"url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"}, {"name": "104263", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/104263"}, {"name": "USN-3771-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3771-1/"}, {"name": "DSA-4229", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2018/dsa-4229"}, {"name": "openSUSE-SU-2019:2594", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"}, {"name": "openSUSE-SU-2019:2598", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"}, {"name": "openSUSE-SU-2020:0403", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"}, {"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"}], "credits": [{"lang": "en", "value": "Thanks to Kevin Backhouse for reporting this vulnerability."}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-124", "cweId": "CWE-124"}]}], "source": {"discovery": "UNKNOWN"}, "datePublic": "2018-05-22T00:00:00"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8602ED39-DA1E-487C-B509-E3546D48728C", "versionEndExcluding": "5.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket."}, {"lang": "es", "value": "En stroke_socket.c en strongSwan en versiones anteriores a la 5.6.3, la ausencia de comprobaciones de la longitud de los paquetes podr\u00eda permitir un desbordamiento del b\u00fafer, lo que puede conducir al agotamiento del recurso y a la denegaci\u00f3n de servicio mientras se lee desde el socket."}], "id": "CVE-2018-5388", "lastModified": "2023-11-07T02:58:42.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T13:29:00.220", "references": [{"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"}, {"source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"}, {"source": "cret@cert.org", "url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/338343"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104263"}, {"source": "cret@cert.org", "url": "https://git.strongswan.org/?p=strongswan.git%3Ba=commitdiff%3Bh=0acd1ab4"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201811-16"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3771-1/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4229"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-124"}], "source": "cret@cert.org", "type": "Secondary"}]}