Google Git
Sign in
gdch-oss/third_party/strongswan/strongswan/1014d74e4b51c777f6cf81db86655fdea0613f61^!/.
commit
1014d74e4b51c777f6cf81db86655fdea0613f61
[log]
author
Tobias Brunner <tobias@strongswan.org>
Fri Oct 24 15:22:53 2025 +0200
committer
Andreas Steffen <andreas.steffen@strongswan.org>
Mon Oct 27 14:02:59 2025 +0100
tree
e81cc40cbc2480ad045e370fcf2c60a7b96b99de
parent
c687ada6a6f68913651e355fd09f906893096b32 [diff]
NEWS: Add info about CVE-2025-62291

diff --git a/NEWS b/NEWS
index 916f279..ce3cdd2 100644
--- a/NEWS
+++ b/NEWS

@@ -1,6 +1,11 @@
 strongswan-6.0.3
 ----------------
 
+- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
+  Request packets on the client that can lead to a heap-based buffer overflow
+  and potentially remote code execution.
+  This vulnerability has been registered as CVE-2025-62291.
+
 - The new `alert` event for vici is raised for certain error conditions.
 
 - Only plugins with matching version number are loaded by programs.