
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-41913 is a critical buffer overflow vulnerability discovered in strongSwan versions 5.3.0 through 5.9.11. The vulnerability affects the charon-tkm component, which is the TKM-backed version of the charon IKE daemon. It was discovered by Florian Picca and publicly disclosed on November 20, 2023. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) (NVD, Vendor Advisory).
The vulnerability stems from an unchecked memcpy() operation in the charon-tkm component when handling Diffie-Hellman (DH) public values. The issue arose from changes made in version 5.3.0, where the responsibility for verifying public DH values was shifted to the DH implementations. The charon-tkm implementation failed to implement proper length checking, allowing any public DH value sent by a peer to be copied into a fixed-size 512-byte buffer on the stack. The length is bounded only by the maximum length for accepted IKE messages, which defaults to 10,000 bytes (Vendor Advisory).
Successful exploitation of this vulnerability could lead to a stack buffer overflow and potential remote code execution via a crafted IKE_SA_INIT message. The attack can be performed without authentication, making it particularly severe. The vulnerability could result in disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).
The vulnerability has been fixed in strongSwan version 5.9.12. For older versions, patches are available that fix the vulnerability. Systems not using charon-tkm as the IKE daemon are not vulnerable. Additionally, the tkm-multi-ke branch, which will be part of strongSwan 6, is not affected by this vulnerability (Vendor Advisory).
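As an added illustration of the defect class and the check that the fix restores (hypothetical code written for this page, not strongSwan's own; the function names, the MODP group table and the all-0x01 sample value are assumptions, while the 512-byte buffer and 10,000-byte message cap come from the text above):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical names. Sizes come from the advisory text: a 512-byte stack
 * buffer for the DH public value and a 10,000-byte default IKE message cap. */
#define TKM_DH_BUF_LEN  512
#define IKE_MAX_MSG_LEN 10000

/* Expected public-value length in bytes for a few MODP groups (assumed table). */
static size_t dh_expected_len(int group)
{
    switch (group) {
    case 14: return 256;   /* MODP-2048 */
    case 15: return 384;   /* MODP-3072 */
    case 16: return 512;   /* MODP-4096 */
    default: return 0;     /* unknown group: accept nothing */
    }
}

/* Hardened copy: the DH implementation validates the peer-supplied length
 * before memcpy(), the check the vulnerable code lacked. Copies nothing and
 * returns false unless len matches the group's size and fits the buffer. */
bool tkm_set_public_value(int group, const uint8_t *value, size_t len,
                          uint8_t out[TKM_DH_BUF_LEN], size_t *out_len)
{
    size_t expected = dh_expected_len(group);
    if (expected == 0 || len != expected || len > TKM_DH_BUF_LEN) return false;
    memcpy(out, value, len);
    *out_len = len;
    return true;
}

/* Drives one case with a constructed all-0x01 public value of the given length. */
bool tkm_check_case(int group, size_t len)
{
    static uint8_t value[IKE_MAX_MSG_LEN];
    uint8_t out[TKM_DH_BUF_LEN];
    size_t out_len = 0;
    if (len > sizeof(value)) return false;
    memset(value, 0x01, len);
    return tkm_set_public_value(group, value, len, out, &out_len) && out_len == len;
}

int main(void)
{
    printf("MODP-2048, 256 bytes: %s\n", tkm_check_case(14, 256) ? "accepted" : "rejected");
    printf("MODP-2048, 10000 bytes: %s\n", tkm_check_case(14, IKE_MAX_MSG_LEN) ? "accepted" : "rejected");
    return 0;
}
```

A value sized to the full 10,000-byte message cap, which the unchecked code would have copied over the 512-byte buffer, is rejected before any copy takes place.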
Source: This report was generated using AI