Vulnerability in strongSwan IPsec leading to remote code execution

strongSwan, an IPsec-based VPN package used on Linux, Android, FreeBSD, and macOS, has a vulnerability (CVE-2023-41913) that an attacker can exploit for remote code execution. The vulnerability is caused by a bug in the charon-tkm process, with its TKMv2 (Trusted Key Manager) based implementation of the key exchange protocol (IKE), that leads to a buffer overflow when specially crafted DH (Diffie-Hellman) values are processed. The vulnerability manifests only on systems that use charon-tkm and strongSwan releases starting from 5.3.0. The problem is fixed in the strongSwan 5.9.12 update. Patches have also been prepared to fix the vulnerability in branches starting from 5.3.x.

The error is caused by a missing check of the size of public Diffie-Hellman values before they are copied into a fixed-size buffer on the stack. The overflow can be triggered by sending a specially crafted IKE_SA_INIT message, which is processed without authentication. In older versions of strongSwan the size check was performed in the KE (Key Exchange) payload handler, but version 5.3.0 introduced changes that moved the check of public values to the DH (Diffie-Hellman) protocol handler and added generic functions to simplify validating the known DH groups. Through an oversight, the new checking functions were not added to the charon-tkm process, which acts as a proxy between the IKE process and the TKM (Trusted Key Manager). As a result, the memcpy() call operated on unchecked values, which allowed up to 10000 bytes of data to be written to a 512-byte buffer.
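The unchecked-copy pattern described above, next to a form that validates before copying. This is an added illustration, not strongSwan or charon-tkm code. The type and function names are hypothetical, the 512 and 10000 byte figures are the ones the article gives, and the per-group lengths are the MODP sizes from RFC 3526.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUBVALUE_MAX 512  /* fixed buffer size, the figure given in the article */

/* Hypothetical stand-in for a fixed-size public-value record. */
typedef struct {
    size_t  size;
    uint8_t data[PUBVALUE_MAX];
} pubvalue_t;

/* Public value length in bytes per MODP group (RFC 3526); 0 = unknown here. */
size_t modp_pubvalue_len(int group)
{
    switch (group) {
    case 14: return 256;  /* 2048-bit MODP */
    case 15: return 384;  /* 3072-bit MODP */
    case 16: return 512;  /* 4096-bit MODP */
    default: return 0;
    }
}

/* Pattern behind the bug: peer-supplied length is trusted. Never called here. */
void store_pubvalue_unchecked(pubvalue_t *out, const uint8_t *val, size_t len)
{
    out->size = len;
    memcpy(out->data, val, len);  /* writes past data[] when len > 512 */
}

/* Hardened form: validate first, copy second. Returns 1 if stored, 0 if rejected. */
int store_pubvalue_checked(pubvalue_t *out, int group,
                           const uint8_t *val, size_t len)
{
    size_t expected = modp_pubvalue_len(group);
    if (!val || expected == 0 || len != expected || len > sizeof(out->data))
        return 0;
    out->size = len;
    memcpy(out->data, val, len);
    return 1;
}

int main(void)
{
    static uint8_t ke[10000];  /* constructed oversized KE data, all zero bytes */
    pubvalue_t pv = {0};
    printf("256 B: %d, 10000 B: %d\n", store_pubvalue_checked(&pv, 14, ke, 256), store_pubvalue_checked(&pv, 14, ke, 10000));
    return 0;
}
```

The checked function applies both tests the article mentions: the group-specific length check and the bound of the destination buffer, so a group that is not recognised is rejected rather than copied.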

Source: opennet.ru
