The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-02T18:00:00Z

Updated: 2024-09-16T22:52:14.060Z

Reserved: 2013-10-11T00:00:00Z

Link: CVE-2013-6075

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-11-02T18:55:03.283

Modified: 2024-11-21T01:58:42.553

Link: CVE-2013-6075

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-11-01T00:00:00Z

Links: CVE-2013-6075 - Bugzilla