Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: networkmanager_strongswan

Found 6 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-25075
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks, 1 day ago
strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.

Affected products

strongSwan
  • <6.0.5

Matching in nixpkgs

Untriaged
Permalink CVE-2012-1096
created 1 month, 3 weeks ago
NetworkManager 0.9 and earlier allows local users to use other …

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

References

Affected products

NetworkManager
  • ==0.9 and earlier

Matching in nixpkgs

Untriaged
Permalink CVE-2025-9615
created 2 months, 2 weeks ago
Networkmanager: networkmanager file access

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.

Affected products

NetworkManager

Matching in nixpkgs

pkgs.networkmanager_dmenu

Small script to manage NetworkManager connections with dmenu instead of nm-applet

Untriaged
Permalink CVE-2025-62291
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 4 weeks ago
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a …

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

Affected products

strongSwan
  • <6.0.3

Matching in nixpkgs

Untriaged
Permalink CVE-2022-4967
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 2 months ago
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass …

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

References

Affected products

strongswan
  • <5.9.6

Matching in nixpkgs

Untriaged
Permalink CVE-2024-6501
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 year, 3 months ago
Networkmanager: denial of service

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

References

Affected products

NetworkManager
  • <1.48.10-2
  • *

Matching in nixpkgs

Package maintainers