Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-62291

8.1 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 1 week ago
@LeSuisse removed
4 packages
- strongswanNM
- strongswanTNC
- strongswanTPM
- networkmanager_strongswan
2 months, 1 week ago
@LeSuisse dismissed 2 months, 1 week ago

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a …

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

References

Affected products

strongSwan

<6.0.3

Matching in nixpkgs

pkgs.strongswan

OpenSource IPsec-based VPN Solution

nixos-unstable 6.0.3
- nixpkgs-unstable 6.0.3
- nixos-unstable-small 6.0.3

Current stable branch has never been impacted.

https://github.com/NixOS/nixpkgs/commit/d8a0ae9d79b2914faf8864c94e552211284094c5

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.strongswan