2450414 – (CVE-2026-25075) CVE-2026-25075 strongSwan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser

Bug 2450414 (CVE-2026-25075) - CVE-2026-25075 strongSwan: strongSwan: Denial of Service via integer underflow in EAP-TTLS AVP parser

Summary: CVE-2026-25075 strongSwan: strongSwan: Denial of Service via integer underflo...

Keywords:
Status:	NEW
Alias:	CVE-2026-25075
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2450652 2450653 2450654
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-23 19:02 UTC by OSIDB Bzimport
Modified:	2026-03-24 09:14 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-23 19:02:07 UTC

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Note You need to log in before you can comment on or make changes to this bug.