FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-12-30 20:43:55 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1f1cf967-b35c-11f0-bce7-bc2411002f50	strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets Xu Biang reports: The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable for remote code execution. Affected are all strongSwan versions since 4.2.12. Discovery 2025-10-27 Entry 2025-10-27 strongswan >= 4.2.12 lt 6.0.3 CVE-2025-62291 https://www.cve.org/CVERecord?id=CVE-2025-62291

VuXML ID

Description

1f1cf967-b35c-11f0-bce7-bc2411002f50

strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets

Xu Biang reports:

The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable for remote code execution. Affected are all strongSwan versions since 4.2.12.

Discovery 2025-10-27
Entry 2025-10-27
strongswan

>= 4.2.12 lt 6.0.3

CVE-2025-62291
https://www.cve.org/CVERecord?id=CVE-2025-62291