FreeBSD: VID-7fc3e827-64a5-11e8-aedb-00224d821998 (CVE-2018-10811): strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 31, 2018 | Jun 1, 2018 | Dec 10, 2025 |
Description
strongSwan security team reports:

A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (which is not FIPS-compliant). So this should only affect very specific setups, but in such configurations all strongSwan versions since 5.0.1 may be affected.

A denial-of-service vulnerability in the stroke plugin was fixed. When reading a message from the socket the plugin did not check the received length. Unless a group is configured, root privileges are required to access that socket, so in the default configuration this shouldn't be an issue, but all strongSwan versions may be affected.
Solution
freebsd-upgrade-package-strongswan