Nixpkgs security tracker

Untriaged

Permalink CVE-2025-62291

8.1 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 4 weeks ago

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a …

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

References

Affected products

strongSwan

<6.0.3

Matching in nixpkgs

pkgs.strongswan

OpenSource IPsec-based VPN Solution

nixos-unstable 5.9.14
- nixpkgs-unstable 5.9.14
- nixos-unstable-small 5.9.14
nixos-25.11 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.strongswanNM

OpenSource IPsec-based VPN Solution

nixos-unstable 5.9.14
- nixpkgs-unstable 5.9.14
- nixos-unstable-small 5.9.14
nixos-25.11 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.strongswanTNC

OpenSource IPsec-based VPN Solution

nixos-unstable 5.9.14
- nixpkgs-unstable 5.9.14
- nixos-unstable-small 5.9.14
nixos-25.11 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.strongswanTPM

OpenSource IPsec-based VPN Solution

nixos-unstable 5.9.14
- nixpkgs-unstable 5.9.14
- nixos-unstable-small 5.9.14
nixos-25.11 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.networkmanager_strongswan

NetworkManager's strongswan plugin

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.4
- nixpkgs-25.11-darwin 1.6.4

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.strongswan

pkgs.strongswanNM

pkgs.strongswanTNC

pkgs.strongswanTPM

pkgs.networkmanager_strongswan