HIGH
strongSwan
CVE published 2026-03-23
CVE-2026-25075
A vulnerability was found in strongSwan versions 4.5.0 prior to 6.0.5. This issue is an integer underflow in the EAP-TTLS AVP parser, which allows unauthenticated remote attackers to cause a denial of service. The vulnerability is triggered by sending crafted AVP data with invalid length fields during IKEv2 authentication. Unaffected versions have addressed this vulnerability. Users should review their de [truncated]