CVE-2018-10811 HIGH

Published: 2018-06-19 | Last Modified: 2026-06-17 | Status: Modified

Description

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

Additional Descriptions (1)

strongSwan, en versiones 5.6.0 y anteriores, permite una denegación de servicio (DoS) remota debido a la falta de inicialización de una variable.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-909

Affected Products

Vendor	Product	Version	Update	Type
strongswan	strongswan	*	<built-in method update of dict object at 0x72a9b0c12200>	Application
debian	debian_linux	8.0	<built-in method update of dict object at 0x72a9ccf89980>	Operating System
debian	debian_linux	9.0	<built-in method update of dict object at 0x72a9b0c12300>	Operating System
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9cd07bec0>	Operating System
canonical	ubuntu_linux	16.04	<built-in method update of dict object at 0x72a9cd07b2c0>	Operating System
canonical	ubuntu_linux	18.04	<built-in method update of dict object at 0x72a9cd07ad00>	Operating System
fedoraproject	fedora	28	<built-in method update of dict object at 0x72a9b0c10100>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:strongswan:strongswan::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:fedoraproject:fedora:28:::::::*`

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html
Source: [email protected]

Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html
Source: [email protected]

Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html
Source: [email protected]

Broken Link
https://download.strongswan.org/security/CVE-2018-10811/
Source: [email protected]

Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/
Source: [email protected]
https://security.gentoo.org/glsa/201811-16
Source: [email protected]

Third Party Advisory
https://usn.ubuntu.com/3771-1/
Source: [email protected]

Third Party Advisory
https://www.debian.org/security/2018/dsa-4229
Source: [email protected]

Third Party Advisory
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html
Source: [email protected]
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html
Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html
Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link
https://download.strongswan.org/security/CVE-2018-10811/
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL/
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201811-16
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://usn.ubuntu.com/3771-1/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.debian.org/security/2018/dsa-4229
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-%28cve-2018-10811%29.html
Source: af854a3a-2127-422b-91ae-364da2661108