Security Advisory

CVE-2013-6075

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-11-02 18:00:00
Last updated 2024-09-16 22:52:14
Assigner mitre
State PUBLISHED

Description

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.