CVE-2023-41913: Critical Buffer Overflow Vulnerability Discovered in strongSwan

CVE-2023-41913

strongSwan, a widely used open-source VPN software, has been found to harbor a critical security vulnerability that could allow remote attackers to execute arbitrary code on affected systems. This vulnerability, tracked as CVE-2023-41913, affects all strongSwan versions since 5.3.0 and is linked to an unchecked memory copy operation within the charon-tkm component.

Before unraveling the vulnerability, it’s crucial to understand what strongSwan represents. As a modular and free open-source solution, strongSwan implements the Internet Key Exchange Protocol (IPsec), providing a secure channel for IP traffic in diverse scenarios. Its compatibility across platforms like Linux, FreeBSD, macOS, and Windows makes it a preferred choice for many organizations.

CVE-2023-41913

StrongSwan is known for its support of various authentication methods, including X.509 certificates, pre-shared keys, and digital signatures. Its versatility extends to supporting multiple encryption algorithms, such as AES, ChaCha20, and Blowfish, and can operate using either IKEv1 or IKEv2 for key exchange.

The root cause of this vulnerability lies within the charon-tkm component of strongSwan. This flaw, resulting from a buffer overflow, poses a potential threat to remote code execution. It is triggered by the improper handling of DH (Diffie-Hellman) public values in the IKE daemon (charon-tkm), leading to a buffer overflow that could be exploited by sending a specifically crafted IKE_SA_INIT message.

The root cause can be traced back to changes made in version 5.3.0, where the responsibility for verifying public DH values was shifted to the DH implementations. Unfortunately, this led to an oversight in the charon-tkm implementation, where an unchecked memcpy() operation could copy any public DH value sent by a peer into a fixed-size buffer on the stack, exceeding its capacity.

 The length is only limited by the maximum length for accepted IKE messages, which defaults to 10’000 bytes. Remote code execution might be possible due to this issue,” read the security advisory.

Fortunately, not all setups using strongSwan are vulnerable. Those not utilizing charon-tkm as the IKE daemon are safe. Additionally, the tkm-multi-ke branch of charon-tkm, which will be featured in the upcoming strongSwan 6, is not affected.

For those impacted, strongSwan 5.9.12 has been released, addressing the CVE-2023-41913 vulnerability. Patches for older versions are also available, offering a crucial line of defense against potential exploits.