What is CVE-2021-45079?

CVE-2021-45079 is a critical-severity vulnerability in Strongswan, classified under NULL Pointer Dereference. CVSS score: 9.1/10. Published 2022-01-31.

How severe is CVE-2021-45079?

Critical severity. CVSS v3 base score is 9.1 out of 10.

NULL pointer dereference in Strongswan

CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even w…

EPSS: 0.027 (84.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Affected products

Strongswan
Canonical Ubuntu_linux — versions 14.04, 16.04, 18.04
Debian Debian_linux — versions 9.0, 10.0, 11.0
Fedoraproject Extra_packages_for_enterprise_linux — versions 7.0, 8.0, 9.0
Fedoraproject Fedora — versions 34, 35
N/a — versions n/a

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-45079?: CVE-2021-45079 is a critical-severity vulnerability in Strongswan, classified under NULL Pointer Dereference. CVSS score: 9.1/10. Published 2022-01-31.
How severe is CVE-2021-45079?: Critical severity. CVSS v3 base score is 9.1 out of 10.