Buffer Underwrite ('Buffer Underflow')

CVE-2018-5388

Medium

6.5/10

Summary

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-124 - Buffer Underwrite ('Buffer Underflow')

The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

References

Advisory Timeline

Published May 31, 2018

Buffer Underwrite ('Buffer Underflow')

CVE-2018-5388

Summary

CWE-124 - Buffer Underwrite ('Buffer Underflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS