| Package | strongswan |
|---|---|
| Version | 5.7.2-1+deb10u5 (buster) |
| Related CVEs | CVE-2025-62291 |

Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of strongSwan, an IKE/IPsec suite. The eap-mschapv2 plugin does not correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash, and a heap-based buffer overflow that’s potentially exploitable for remote code execution.
For Debian 10 buster, these problems have been fixed in version 5.7.2-1+deb10u5.
We recommend that you upgrade your strongswan packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.
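
The class of length check described above, as an added example (this is not strongSwan's code or its patch): subtracting a header size from an unvalidated packet length wraps around, and validating the length first prevents it. The 9-byte header layout is assumed from the EAP-MSCHAPv2 draft, and all function names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (EAP-MSCHAPv2 draft): Code(1) Identifier(1) Length(2)
 * Type(1) OpCode(1) MS-CHAPv2-ID(1) MS-Length(2), then the message. */
#define HDR_LEN 9u

/* Constructed sample: well-formed Failure Request carrying "E=691". */
static const uint8_t SAMPLE_OK[] = { 0x01, 0x01, 0x00, 0x0e, 0x1a,
                                     0x04, 0x01, 0x00, 0x09,
                                     'E', '=', '6', '9', '1' };
/* Constructed sample: truncated to the 4-byte EAP header only. */
static const uint8_t SAMPLE_SHORT[] = { 0x01, 0x01, 0x00, 0x04 };
/* Constructed sample: Length field (0x40) claims more than was received. */
static const uint8_t SAMPLE_LIES[] = { 0x01, 0x01, 0x00, 0x40, 0x1a,
                                       0x04, 0x01, 0x00, 0x3b, 'E' };

/* Unchecked subtraction: for pkt_len < HDR_LEN the unsigned result wraps
 * to a huge value instead of going negative. */
size_t unchecked_msg_len(size_t pkt_len)
{
    return pkt_len - HDR_LEN;
}

/* Checked variant: returns the message length, or -1 if malformed. */
long checked_msg_len(const uint8_t *pkt, size_t pkt_len)
{
    size_t eap_len;

    if (pkt == NULL || pkt_len < HDR_LEN)
        return -1;                      /* too short to hold the header */
    eap_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (eap_len < HDR_LEN || eap_len > pkt_len)
        return -1;                      /* Length field is inconsistent */
    return (long)(eap_len - HDR_LEN);   /* cannot wrap after the checks */
}

int main(void)
{
    printf("unchecked, 4-byte packet: %zu\n", unchecked_msg_len(4));
    printf("checked, 4-byte packet:   %ld\n",
           checked_msg_len(SAMPLE_SHORT, sizeof(SAMPLE_SHORT)));
    printf("checked, oversized Length: %ld\n",
           checked_msg_len(SAMPLE_LIES, sizeof(SAMPLE_LIES)));
    printf("checked, valid packet:    %ld\n",
           checked_msg_len(SAMPLE_OK, sizeof(SAMPLE_OK)));
    return 0;
}
```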