CVE-2026-25075

Name: CVE-2026-25075
Description: strongSwan versions from 4.5.0 up to, but not including, 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. The parser does not validate AVP length fields before subtracting from them, so an attacker can trigger excessive memory allocation or a NULL pointer dereference, crashing the charon IKE daemon.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4512-1, DSA-6176-1

Vulnerable and fixed packages

The table below lists information on source packages.

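| Source Package | Release | Version | Status |
|---|---|---|---|
| strongswan (PTS) | bullseye | 5.9.1-1+deb11u4 | vulnerable |
| strongswan (PTS) | bullseye (security) | 5.9.1-1+deb11u6 | fixed |
| strongswan (PTS) | bookworm | 5.9.8-5+deb12u2 | vulnerable |
| strongswan (PTS) | bookworm (security) | 5.9.8-5+deb12u3 | fixed |
| strongswan (PTS) | trixie | 6.0.1-6+deb13u2 | vulnerable |
| strongswan (PTS) | trixie (security) | 6.0.1-6+deb13u4 | fixed |
| strongswan (PTS) | forky, sid | 6.0.5-1 | fixed |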

The information below is based on the following data on fixed versions.

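| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| strongswan | source | bullseye | 5.9.1-1+deb11u6 | | DLA-4512-1 | |
| strongswan | source | bookworm | 5.9.8-5+deb12u3 | | DSA-6176-1 | |
| strongswan | source | trixie | 6.0.1-6+deb13u4 | | DSA-6176-1 | |
| strongswan | source | (unstable) | 6.0.5-1 | | | |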

Notes

https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
Patch: https://download.strongswan.org/security/CVE-2026-25075/
