Multiple Vulnerabilities in strongSwan Addressed in Recent Updates
Severity: High (Score: 74.0)
Sources: Linuxsecurity
Summary
Recent strongSwan updates for SUSE and Ubuntu systems address several critical vulnerabilities. These include CVE-2026-35328, which can cause an infinite loop in TLS processing, and CVE-2026-35329, which leads to a NULL pointer dereference in PKCS#7 processing. Other vulnerabilities include integer underflows and improper certificate handling, which attackers could exploit for denial of service or other malicious activities. The vulnerabilities affect various versions of strongSwan used in Ubuntu 26.04 LTS and SUSE systems. Security patches are available, and users are urged to update their systems promptly to mitigate risks. The updates were released on April 27 and April 28, 2026, respectively, highlighting the urgency of addressing these security flaws.
Key Points
- Multiple critical vulnerabilities in strongSwan have been patched.
- Affected CVEs include CVE-2026-35328 and CVE-2026-35329.
- Users of SUSE and Ubuntu 26.04 LTS are advised to update immediately.
Key Entities
- DDoS (attack_type)
- CVE-2026-35328 (cve)
- CVE-2026-35329 (cve)
- CVE-2026-35330 (cve)
- CVE-2026-35331 (cve)
- CVE-2026-35332 (cve)
- CWE-191 - Integer Underflow (cwe)
- CWE-295 - Improper Certificate Validation (cwe)
- CWE-476 - NULL Pointer Dereference (cwe)
- strongSwan (platform)
- Ubuntu (company)