| Package | strongswan |
|---|---|
| Version | 5.7.2-1+deb10u6 (buster) |
| Related CVEs | CVE-2026-25075 |
Kazuma Matsumoto discovered an integer overflow bug in the EAP-TTLS plugin of strongSwan, an IKE/IPsec suite.
The EAP-TTLS plugin doesn’t check the length field in the header of attribute-value pairs (AVPs) tunneled in EAP-TTLS, which can cause an integer underflow that may lead to a crash. An unauthenticated attacker could exploit this for a DoS attack by sending a crafted message.
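The defect class described above, as an added illustration that is not strongSwan's code and does not reproduce the actual flaw: an AVP header in the Diameter-style layout used by EAP-TTLS (RFC 5281: 4-byte Code, 1-byte Flags, 3-byte Length, optional 4-byte Vendor-ID) carries a Length that covers the header itself. Subtracting the header size from an unchecked Length wraps to a huge value when the peer sends a Length smaller than the header. The checked parser below rejects both that case and a Length larger than the remaining buffer; the AVP bytes are constructed samples, not captured traffic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_HDR_LEN         8   /* Code(4) + Flags(1) + Length(3) */
#define AVP_VENDOR_HDR_LEN  12  /* plus Vendor-ID(4) when the V flag is set */
#define AVP_FLAG_VENDOR     0x80

typedef struct {
    uint32_t code;
    uint8_t  flags;
    uint32_t length;        /* 24-bit Length field; covers header and value */
    const uint8_t *value;
    size_t value_len;
} avp_t;

/* The unchecked computation: Length is taken from the wire and the header
 * size is subtracted from it. When Length < header size, the unsigned
 * subtraction wraps to a huge value (the integer underflow). */
size_t unchecked_value_len(uint32_t wire_length, size_t header_len)
{
    return (size_t)wire_length - header_len;
}

/* Checked parse: rejects a Length smaller than the header it claims to
 * include, and a Length larger than the bytes still in the buffer. */
bool parse_avp(const uint8_t *buf, size_t remaining, avp_t *out, size_t *consumed)
{
    if (remaining < AVP_HDR_LEN)
        return false;                                   /* truncated header */
    uint32_t code   = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                      ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint8_t  flags  = buf[4];
    uint32_t length = ((uint32_t)buf[5] << 16) | ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    size_t header_len = (flags & AVP_FLAG_VENDOR) ? AVP_VENDOR_HDR_LEN : AVP_HDR_LEN;

    if (length < header_len)
        return false;                                   /* would underflow */
    if (length > remaining)
        return false;                                   /* would read past the buffer */

    out->code      = code;
    out->flags     = flags;
    out->length    = length;
    out->value     = buf + header_len;
    out->value_len = length - header_len;               /* safe after the checks above */
    /* AVPs are padded to a 4-byte boundary; padding may be absent at end of message */
    size_t padded = (length + 3u) & ~(size_t)3u;
    *consumed = padded < remaining ? padded : remaining;
    return true;
}

/* Returns the value length of the first AVP in buf, or -1 if it is rejected. */
long first_avp_value_len(const uint8_t *buf, size_t remaining)
{
    avp_t avp;
    size_t used;
    return parse_avp(buf, remaining, &avp, &used) ? (long)avp.value_len : -1L;
}

/* Constructed samples (not captured traffic). */
const uint8_t GOOD_AVP[16] = { 0,0,0,1, 0x40, 0,0,13, 'a','l','i','c','e', 0,0,0 }; /* User-Name, Length 13 */
const uint8_t SHORT_AVP[8] = { 0,0,0,1, 0x40, 0,0,4 };    /* Length 4 < 8-byte header */
const uint8_t LONG_AVP[8]  = { 0,0,0,1, 0x40, 0,0,200 };  /* Length 200 > 8 bytes available */

int main(void)
{
    printf("good AVP value length: %ld\n", first_avp_value_len(GOOD_AVP, sizeof GOOD_AVP));
    printf("short Length rejected: %ld\n", first_avp_value_len(SHORT_AVP, sizeof SHORT_AVP));
    printf("over-long Length rejected: %ld\n", first_avp_value_len(LONG_AVP, sizeof LONG_AVP));
    printf("unchecked value length for Length 4: %zu\n", unchecked_value_len(4, AVP_HDR_LEN));
    return 0;
}
```

The two comparisons in `parse_avp` are the whole fix for this class of bug: the Length must be at least the header size before anything is subtracted from it, and at most the bytes actually received before anything is read from the value. Checking the wrapped result afterwards is too late, since an unsigned subtraction never signals the wrap.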
For Debian 10 buster, these problems have been fixed in version 5.7.2-1+deb10u6.
We recommend that you upgrade your strongswan packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.