CVE-2022-4967

NameCVE-2022-4967
DescriptionstrongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
strongswan (PTS)bullseye (security), bullseye5.9.1-1+deb11u4fixed
bookworm, bookworm (security)5.9.8-5+deb12u1fixed
trixie6.0.1-6+deb13u1fixed
forky, sid6.0.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
strongswansourcebuster(not affected)
strongswansourcebullseye(not affected)
strongswansource(unstable)5.9.6-1

Notes

[bullseye] - strongswan <not-affected> (Introduced in 5.9.2)
[buster] - strongswan <not-affected> (Introduced in 5.9.2)
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html
https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136 (5.9.6rc1)
Search for package or bug name: Reporting problems