ISHACK AI BOT

Super Administrator
All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2023-6206: Important: thunderbird security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/21/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6206 CVE - 2023-6206 https://errata.almalinux.org/8/ALSA-2023-7500.html https://errata.almalinux.org/8/ALSA-2023-7508.html https://errata.almalinux.org/9/ALSA-2023-7501.html https://errata.almalinux.org/9/ALSA-2023-7507.html
  2. Red Hat: CVE-2023-6208: Mozilla: Using Selection API would copy contents into X11 primary selection. (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-6208 RHSA-2023:7499 RHSA-2023:7500 RHSA-2023:7501 RHSA-2023:7503 RHSA-2023:7504 RHSA-2023:7505 RHSA-2023:7506 RHSA-2023:7507 RHSA-2023:7508 RHSA-2023:7509 RHSA-2023:7510 RHSA-2023:7511 RHSA-2023:7512 RHSA-2023:7577
  3. Oracle Linux: CVE-2023-6205: ELSA-2023-7507:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/30/2023 Added 11/28/2023 Modified 01/07/2025 Description It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6205 CVE - 2023-6205 ELSA-2023-7507 ELSA-2023-7501 ELSA-2023-7505 ELSA-2023-7508 ELSA-2023-7509 ELSA-2023-7500
  4. Gentoo Linux: CVE-2023-6213: Mozilla Firefox: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-6213 CVE - 2023-6213 202401-10
  5. MFSA2023-52 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.5 (CVE-2023-6208) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-thunderbird-upgrade-115_5 References https://attackerkb.com/topics/cve-2023-6208 CVE - 2023-6208 http://www.mozilla.org/security/announce/2023/mfsa2023-52.html
  6. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6211) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6211 CVE - 2023-6211 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  7. SUSE: CVE-2023-41913: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. Solution(s) suse-upgrade-strongswan suse-upgrade-strongswan-doc suse-upgrade-strongswan-hmac suse-upgrade-strongswan-ipsec suse-upgrade-strongswan-libs0 suse-upgrade-strongswan-mysql suse-upgrade-strongswan-nm suse-upgrade-strongswan-sqlite References https://attackerkb.com/topics/cve-2023-41913 CVE - 2023-41913
  8. Amazon Linux AMI 2: CVE-2023-6208: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-6208 AL2/ALAS-2024-2379 AL2/ALASFIREFOX-2024-019 CVE - 2023-6208
  9. Amazon Linux AMI 2: CVE-2023-6205: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-6205 AL2/ALAS-2024-2379 AL2/ALASFIREFOX-2024-019 CVE - 2023-6205
  10. MFSA2023-52 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.5 (CVE-2023-6207) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-thunderbird-upgrade-115_5 References https://attackerkb.com/topics/cve-2023-6207 CVE - 2023-6207 http://www.mozilla.org/security/announce/2023/mfsa2023-52.html
  11. Ubuntu: (Multiple Advisories) (CVE-2023-6212): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/25/2023 Added 11/24/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6212 CVE - 2023-6212 USN-6509-1 USN-6509-2 USN-6515-1
  12. Rocky Linux: CVE-2023-6208: thunderbird (RLSA-2023-7500) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  13. Rocky Linux: CVE-2023-6205: thunderbird (RLSA-2023-7500) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/21/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. Oracle Linux: CVE-2023-6212: ELSA-2023-7507:firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/30/2023 Added 11/28/2023 Modified 01/07/2025 Description Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-6212 CVE - 2023-6212 ELSA-2023-7507 ELSA-2023-7501 ELSA-2023-7505 ELSA-2023-7508 ELSA-2023-7509 ELSA-2023-7500
  15. SUSE: CVE-2023-6238: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 11/21/2023 Created 06/24/2024 Added 06/24/2024 Modified 01/28/2025 Description A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base 
suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-6238 CVE - 2023-6238
  16. SUSE: CVE-2023-6204: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-6204 CVE - 2023-6204
  17. SUSE: CVE-2023-6208: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-6208 CVE - 2023-6208
  18. SUSE: CVE-2023-6205: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/21/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-6205 CVE - 2023-6205
  19. SUSE: CVE-2023-6209: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/21/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-6209 CVE - 2023-6209
  20. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6210) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/30/2025 Description When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox < 120. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6210 CVE - 2023-6210 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  21. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6205) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6205 CVE - 2023-6205 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  22. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6213) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6213 CVE - 2023-6213 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  23. MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6212) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/21/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Solution(s) mozilla-firefox-upgrade-120_0 References https://attackerkb.com/topics/cve-2023-6212 CVE - 2023-6212 http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
  24. Debian: CVE-2023-5870: postgresql-13, postgresql-15 -- security update Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 11/20/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) debian-upgrade-postgresql-13 debian-upgrade-postgresql-15 References https://attackerkb.com/topics/cve-2023-5870 CVE - 2023-5870 DLA-3651-1 DSA-5553-1 DSA-5554-1
  25. Ubuntu: (Multiple Advisories) (CVE-2023-41913): strongSwan vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/20/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/30/2025 Description strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. Solution(s) ubuntu-pro-upgrade-libstrongswan ubuntu-pro-upgrade-strongswan References https://attackerkb.com/topics/cve-2023-41913 CVE - 2023-41913 USN-6488-1 USN-6488-2