git: c1b081145ff7 - main - security/strongswan: Document DOS vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 10 Oct 2022 12:25:28 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c1b081145ff7f719c3867702e9d83718b674505d
commit c1b081145ff7f719c3867702e9d83718b674505d
Author: rob2g2 <rob2g2-freebsd@bitbert.com>
AuthorDate: 2022-10-10 12:16:36 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-10 12:21:57 +0000
security/strongswan: Document DOS vulnerability
ChangeLog:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
PR: 266938
Reported by: rob2g2-freebsd@bitbert.com
Security: CVE-2022-40617
---
security/vuxml/vuln-2022.xml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 831c3685b898..87c5b48d1f01 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,31 @@
+ <vuln vid="0ae56f3e-488c-11ed-bb31-b42e99a1b9c3">
+ <topic>strongswan -- DOS attack vulnerability</topic>
+ <affects>
+ <package>
+ <name>strongswan</name>
+ <range><lt>5.9.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Lahav Schlesinger reported a bug related to online
+ certificate revocation checking that can lead to a
+ denial-of-service attack</p>
+ <blockquote cite="https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html">
+ <p>.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-40617</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617</url>
+ </references>
+ <dates>
+ <discovery>2022-10-03</discovery>
+ <entry>2022-10-10</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e4133d8b-ab33-451a-bc68-3719de73d54a">
<topic>routinator -- potential DOS attack</topic>
<affects>