Vulnerability in strongSwan IPsec leading to remote code execution

strongSwan, an IPsec-based VPN package used on Linux, Android, FreeBSD, and macOS, has a vulnerability (CVE-2023-41913) that an attacker can exploit for remote code execution. The vulnerability is caused by a bug in the charon-tkm process with its TKMv2 (Trusted Key Manager) implementation of the Key Exchange (IKE) protocol, which results in a buffer overflow when processing specially formatted DH (Diffie-Hellman) scheme values. The vulnerability affects only systems that use charon-tkm, in strongSwan releases starting from 5.3.0. The problem is fixed in the strongSwan 5.9.12 update. Patches have also been prepared for branches starting from 5.3.x.

The error is caused by a missing check of the size of public Diffie-Hellman values before they are copied to a fixed-size buffer on the stack. An overflow can be triggered by sending a specially crafted IKE_SA_INIT message, which is processed without authentication. In older versions of strongSwan, the size check was carried out in the KE (Key Exchange) payload handler, but version 5.3.0 moved the check of public values to the DH (Diffie-Hellman) protocol handler and added generic functions to simplify validating values for known DH groups. Due to an oversight, the new checking functions were not added to the charon-tkm process, which works as a proxy between the IKE process and the TKM (Trusted Key Manager). As a result, unchecked values were passed to the memcpy() function, which allowed up to 10000 bytes of data to be written to a 512-byte buffer.
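The missing check described above, shown next to a hardened copy routine. This is an added example, not strongSwan or charon-tkm code: the type and function names are hypothetical, the input is constructed, and the per-group lengths are the standard IKEv2 key exchange sizes for those groups.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUBVALUE_MAX 512   /* fixed buffer size given in the article */

/* Hypothetical container for a peer's public DH value. */
typedef struct { size_t size; uint8_t data[PUBVALUE_MAX]; } pubvalue_t;

/* Constructed sample input: zero-filled, as large as the article's maximum. */
static uint8_t constructed_input[10000];
static pubvalue_t slot;

/* Expected KE payload length in bytes for a few IKEv2 groups (0 = unknown). */
static size_t expected_len(uint16_t group)
{
    switch (group) {
    case 14: return 256;   /* MODP-2048 */
    case 15: return 384;   /* MODP-3072 */
    case 16: return 512;   /* MODP-4096 */
    case 19: return 64;    /* ECP-256, x || y */
    default: return 0;
    }
}

/* Unchecked pattern from the article: the peer controls len. */
void copy_unchecked(pubvalue_t *out, const uint8_t *val, size_t len)
{
    out->size = len;
    memcpy(out->data, val, len);   /* writes past data[] if len > PUBVALUE_MAX */
}

/* Hardened form: 0 on success, -1 if rejected before any copy. */
int copy_checked(pubvalue_t *out, uint16_t group, const uint8_t *val, size_t len)
{
    size_t want = expected_len(group);
    if (!out || !val || want == 0 || len != want || len > sizeof(out->data))
        return -1;
    out->size = len;
    memcpy(out->data, val, len);
    return 0;
}

int main(void)
{
    printf("256-byte MODP-2048 value: %d\n", copy_checked(&slot, 14, constructed_input, 256));
    printf("10000-byte value:         %d\n", copy_checked(&slot, 14, constructed_input, 10000));
    return 0;
}
```

Checking the length against the negotiated group, and not only against the buffer size, also rejects short or padded values that would fit in the buffer but are invalid for that group.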

Source: opennet.ru
