CVE-2010-2628

Description

The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.

How to fix CVE-2010-2628

To remediate CVE-2010-2628, upgrade the affected package to a fixed version below.

• Debian/strongswan—upgrade to 4.4.1-1 or later

Is CVE-2010-2628 being exploited?

Moderate — EPSS is 5.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 4.4.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-2628