Wind River Support Network

HomeDefectsLIN1025-7595
Fixed

LIN1025-7595 : Security Advisory - strongswan - CVE-2025-62291

Created: Jan 18, 2026    Updated: May 10, 2026
Resolved Date: May 7, 2026
Found In Version: 10.25.33.2
Fix Version: 10.25.33.9
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Userspace

Description

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube