{"id":"AZL-74660","summary":"CVE-2025-62291 affecting package strongswan for versions less than 5.9.14-8","details":"In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.","modified":"2026-04-21T04:38:45.745063Z","published":"2026-01-16T19:16:18Z","upstream":["CVE-2025-62291"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62291"}],"affected":[{"package":{"name":"strongswan","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/strongswan"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.9.14-8"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74660.json"}}],"schema_version":"1.7.5"}