CNNVD-202601-2764 Information

CNNVD ID

CNNVD-202601-2764

CVE-2025-62291

  • CNNVD Published: 2026-01-16

Description

strongSwan is an open-source, IPsec-based VPN solution for Linux platforms, developed by Andreas Steffen, an individual developer in Switzerland. It includes authentication mechanisms such as X.509 public key certificates, secure private key storage, and smart cards. strongSwan versions before 6.0.3 contain a numeric error vulnerability caused by an integer underflow in the eap-mschapv2 plugin, which can lead to a heap-based buffer overflow.

Hazard Level

Medium

Vulnerability Type

Numeric error

Affected Vendor

Individual developer

Published

2026-01-16

Last Modified

2026-02-24

References

  • https://github.com/strongswan/strongswan/commits/master/src/libcharon/plugins/eap_mschapv2
  • https://github.com/strongswan/strongswan/releases
  • https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html
  • https://lists.debian.org/debian-lts-announce/2025/11/msg00002.html

Patch

https://github.com/strongswan/strongswan/releases
