CVE-2010-2628
Published Aug 20, 2010
Last updated 14 years ago
Overview
- Description: The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-94
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83086A98-0F54-460E-929F-A32DCCC604A7" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8421916C-B6D2-4771-8E59-7057ACC096E6" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76F8B29-E036-4895-8296-29FE49C34A34" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345E6CA4-A6E3-4A8B-9542-04D032956FCB" },
          { "criteria": "cpe:2.3:a:strongswan:strongswan:4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693623FC-189E-478E-8426-292A9002AABA" }
        ],
        "operator": "OR"
      }
    ]
  }
]