CVE-2025-62291
EUVD-2026-287016.01.2026, 19:16
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| strongswan | strongswan | 4.2.12 ≤ 𝑥 < 6.0.3 | CNA |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| strongswan |
| ||||||||||||||||||||||||
| strongswan-doc |
| ||||||||||||||||||||||||
| strongswan-hmac |
| ||||||||||||||||||||||||
| strongswan-ipsec |
| ||||||||||||||||||||||||
| strongswan-libs0 |
|
Common Weakness Enumeration
References