[3.5] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)
A flaw was found in the charon server of strongSwan VPN prior to version
5.6.3. In stroke_socket.c, a missing packet length check could allow
an integer underflow, which may lead to resource exhaustion and denial of
service while reading from the socket. A remote attacker with local user
credentials (possibly a normal user in the vpn group, or root) may be able
to overflow the buffer and cause a denial of service.
Fixed In Version:
(from redmine: issue id 8957, created on 2018-05-31, closed on 2018-06-11)
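
The class of bug described above, shown as an added illustration that is not strongSwan's code: a length-prefixed message whose declared length is smaller than its own length field, with the unchecked subtraction next to the checked form. The 16-bit length-prefix layout, the function names and the sample values are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: 16-bit total length (header included), then payload. */
#define HDR_LEN sizeof(uint16_t)

/* Missing check: for declared < HDR_LEN the unsigned subtraction wraps
 * around, so the "bytes still to read" count becomes enormous. */
size_t remaining_unchecked(uint16_t declared)
{
    return declared - HDR_LEN;
}

/* Checked form: validate the declared length before subtracting.
 * Returns 0 and sets *out on success, -1 on a malformed length. */
int remaining_checked(uint16_t declared, size_t *out)
{
    if (declared < HDR_LEN)
        return -1;
    *out = declared - HDR_LEN;
    return 0;
}

/* Parse one message from an in-memory buffer standing in for the socket.
 * Returns the payload length copied into dst, or -1 if rejected. */
long parse_msg(const uint8_t *buf, size_t buf_len, uint8_t *dst, size_t dst_cap)
{
    uint16_t declared;
    size_t body;

    if (buf_len < HDR_LEN)
        return -1;
    memcpy(&declared, buf, HDR_LEN);
    if (remaining_checked(declared, &body) != 0)
        return -1;                      /* length shorter than its own header */
    if (body > buf_len - HDR_LEN || body > dst_cap)
        return -1;                      /* claims more than is available */
    memcpy(dst, buf + HDR_LEN, body);
    return (long)body;
}

int main(void)
{
    printf("declared=1 -> unchecked remaining = %zu\n", remaining_unchecked(1));
    return 0;
}
```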