FKIE_CVE-2013-5018

Vulnerability from fkie_nvd - Published: 2013-08-28 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html
cve@mitre.orghttp://secunia.com/advisories/54315Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/54524Vendor Advisory
cve@mitre.orghttp://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.htmlVendor Advisory
cve@mitre.orghttp://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/61564
cve@mitre.orghttps://lists.strongswan.org/pipermail/users/2013-July/009540.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54315Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54524Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61564
af854a3a-2127-422b-91ae-364da2661108https://lists.strongswan.org/pipermail/users/2013-July/009540.htmlExploit
Impacted products
Vendor Product Version
strongswan strongswan 4.1.11
strongswan strongswan 5.0.0
strongswan strongswan 5.0.1
strongswan strongswan 5.0.2
strongswan strongswan 5.0.3
strongswan strongswan 5.0.4
opensuse opensuse 11.4
opensuse opensuse 12.2
opensuse opensuse 12.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D636603-65D5-45DB-AF7F-DD01B3932914",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "944942A8-79D0-40AC-BE98-D552DCF2BB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "905ABDB8-6CC3-4F7F-8853-8EDDA5E5AB8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E2A13E-427F-45A7-B898-64C10CD8962B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40ED1E2A-B769-4B1D-83D1-300789E03C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D620A-CD60-4078-81A1-5703B1CFBB3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n  is_asn1 en strongSwan v4.1.11 hasta v5.0.4 no valida correctamente el valor de retorno de la funci\u00f3n asn1_length, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de (1) nombre de usuario XAuth, (2) identidad EAP, o (3) la codificaci\u00f3n PEM de un fichero que comienza con los caracteres \"0x04, 0x30, o 0x31\" seguidos por un valor de tama\u00f1o ASN.1 que dispara un desbordamiento de enteros."
    }
  ],
  "id": "CVE-2013-5018",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-28T23:55:10.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54315"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54524"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/61564"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://lists.strongswan.org/pipermail/users/2013-July/009540.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.