Home > Vulnerability Database > CVE-2010-2628

Mend.io Vulnerability Database

CVE-2010-2628

Good to know:

Date: August 20, 2010

The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.

Language: C

Severity Score

7.3

Related Resources (16)

Url: http://www.securitytracker.com/id?1024338

Url: https://lists.strongswan.org/pipermail/users/2010-August/005167.html

Url: http://www.securityfocus.com/bid/42444

Url: http://secunia.com/advisories/40956

Url: http://www.vupen.com/english/advisories/2010/2086

Url: http://trac.strongswan.org/projects/strongswan/wiki/441

Url: http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html

Url: http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch

Url: http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2628

Url: http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch

Url: https://bugzilla.novell.com/615915

Url: http://www.vupen.com/english/advisories/2010/2085

Url: http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch

Url: http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch

Url: https://www.mend.io/vulnerability-database/CVE-2010-2628

Severity Score

7.3

Weakness Type (CWE)

Code Injection

CWE-94

Top Fix

Upgrade Version

Upgrade to version 4.3.7

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2628

Good to know:

Date: August 20, 2010

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?