CVE-2023-26463

Name of the Vulnerable Software and Affected Versions strongSwan versions 5.9.8 through 5.9.9

Description The issue is related to incorrect access control and an expired pointer dereference due to the use of a variable named public for two different purposes within the same function. This can potentially allow remote code execution. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods, such as EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC.

Recommendations For strongSwan versions 5.9.8 and 5.9.9, update to version 5.9.10 to resolve the issue. As a temporary workaround, consider disabling the use of TLS-based EAP methods until the update is applied. Restrict access to the public variable and ensure proper access control to minimize the risk of exploitation. Avoid using untrusted client certificates during EAP-TLS authentication.