CVE-2023-41913

一、漏洞信息
 漏洞编号：[CVE-2023-41913](https://nvd.nist.gov/vuln/detail/CVE-2023-41913)
 漏洞归属组件：[strongswan](https://gitee.com/src-openeuler/strongswan)
 漏洞归属的版本：5.7.2,5.9.10,5.9.7
 CVSS V3.0分值：
  BaseScore：9.8 Critical
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
 漏洞公开时间：2023-12-07 13:15:09
 漏洞创建时间：2023-12-07 14:30:30
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-41913
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| cve.mitre.org | https://github.com/strongswan/strongswan/releases |  |
| cve.mitre.org | https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html |  |
| redhat_bugzilla | https://github.com/strongswan/strongswan/releases | https://bugzilla.redhat.com/show_bug.cgi?id=2254560 |
| redhat_bugzilla | https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html | https://bugzilla.redhat.com/show_bug.cgi?id=2254560 |
| snyk | https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e | https://security.snyk.io/vuln/SNYK-UNMANAGED-STRONGSWAN-6102496 |
| snyk | https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html | https://security.snyk.io/vuln/SNYK-UNMANAGED-STRONGSWAN-6102496 |
| cve.mitre.org | https://github.com/strongswan/strongswan/releases |  |
| cve.mitre.org | https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41913 | https://ubuntu.com/security/CVE-2023-41913 |
| ubuntu | https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html | https://ubuntu.com/security/CVE-2023-41913 |
| ubuntu | https://ubuntu.com/security/notices/USN-6488-1 | https://ubuntu.com/security/CVE-2023-41913 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-41913 | https://ubuntu.com/security/CVE-2023-41913 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2023-41913 | https://ubuntu.com/security/CVE-2023-41913 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-41913 | https://ubuntu.com/security/CVE-2023-41913 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e |  | snyk |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
            strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.     
 openEuler评分：
  9.8
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(5.7.2):受影响
2.openEuler-20.03-LTS-SP3(5.7.2):受影响
3.openEuler-20.03-LTS-SP4:受影响
4.openEuler-22.03-LTS(5.7.2):受影响
5.openEuler-22.03-LTS-SP1(5.9.7):受影响
6.openEuler-22.03-LTS-SP2(5.9.7):受影响
7.openEuler-22.03-LTS-SP3:受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(5.7.2):否
2.openEuler-20.03-LTS-SP3(5.7.2):否
3.openEuler-20.03-LTS-SP4:否
4.openEuler-22.03-LTS(5.7.2):否
5.openEuler-22.03-LTS-SP1(5.9.7):否
6.openEuler-22.03-LTS-SP2(5.9.7):否
7.openEuler-22.03-LTS-SP3:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1945

src-openEuler/strongswan
关闭

内容风险标识

评论 (11)

src-openEuler/strongswan关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-41913

评论 (11)

搜索帮助

src-openEuler/strongswan
关闭