FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-03 18:37:05 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a62c0c50-8aa0-11ee-ac0d-00e0670f2660	strongSwan -- vulnerability in charon-tkm strongSwan reports: A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected. Discovery 2023-11-20 Entry 2023-11-24 strongswan >= 5.3.0 lt 5.9.11_3 CVE-2023-41913 https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
1f1cf967-b35c-11f0-bce7-bc2411002f50	strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets Xu Biang reports: The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable for remote code execution. Affected are all strongSwan versions since 4.2.12. Discovery 2025-10-27 Entry 2025-10-27 strongswan >= 4.2.12 lt 6.0.3 CVE-2025-62291 https://www.cve.org/CVERecord?id=CVE-2025-62291

VuXML ID

Description

a62c0c50-8aa0-11ee-ac0d-00e0670f2660

strongSwan -- vulnerability in charon-tkm

strongSwan reports:

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

Discovery 2023-11-20
Entry 2023-11-24
strongswan

>= 5.3.0 lt 5.9.11_3

CVE-2023-41913
https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html

1f1cf967-b35c-11f0-bce7-bc2411002f50

strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets

Xu Biang reports:

The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable for remote code execution. Affected are all strongSwan versions since 4.2.12.

Discovery 2025-10-27
Entry 2025-10-27
strongswan

>= 4.2.12 lt 6.0.3

CVE-2025-62291
https://www.cve.org/CVERecord?id=CVE-2025-62291