CVE-2010-2628 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
strongswan	strongswan	4.3.0
strongswan	strongswan	4.3.1
strongswan	strongswan	4.3.2
strongswan	strongswan	4.3.3
strongswan	strongswan	4.3.4
strongswan	strongswan	4.3.5
strongswan	strongswan	4.3.6
strongswan	strongswan	4.4.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

strongswan

bullseye (security)	5.9.1-1+deb11u4 fixed
bullseye	5.9.1-1+deb11u4 fixed
lenny	not-affected
squeeze	not-affected
bookworm	5.9.8-5+deb12u1 fixed
bookworm (security)	5.9.8-5+deb12u1 fixed
sid	5.9.13-2 fixed
trixie	5.9.13-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

strongswan

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	ignored
lucid	ignored
karmic	ignored
jaunty	ignored
hardy	ignored
dapper	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch

http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html

http://secunia.com/advisories/40956

http://trac.strongswan.org/projects/strongswan/wiki/441

http://www.securityfocus.com/bid/42444

http://www.securitytracker.com/id?1024338

http://www.vupen.com/english/advisories/2010/2085

http://www.vupen.com/english/advisories/2010/2086

https://bugzilla.novell.com/615915

https://lists.strongswan.org/pipermail/users/2010-August/005167.html

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch

http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch

http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html

http://secunia.com/advisories/40956

http://trac.strongswan.org/projects/strongswan/wiki/441

http://www.securityfocus.com/bid/42444

http://www.securitytracker.com/id?1024338

http://www.vupen.com/english/advisories/2010/2085

http://www.vupen.com/english/advisories/2010/2086

https://bugzilla.novell.com/615915

https://lists.strongswan.org/pipermail/users/2010-August/005167.html