{"id":"CVE-2022-40617","details":"strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.","modified":"2026-04-12T01:27:59.910248Z","published":"2022-10-31T06:15:09.887Z","related":["SUSE-SU-2022:4159-1","SUSE-SU-2022:4185-1","SUSE-SU-2022:4197-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/"},{"type":"ARTICLE","url":"https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strongswan/strongswan","events":[{"introduced":"0"},{"fixed":"e09bc70d124554f8ee892f3ee4a988ce6d2e7c90"},{"introduced":"068b9c0b76ee8d7baa3da4dc9fe998e01fdbad20"},{"fixed":"72a1b2e3089ca3814a7741fb162620b7215e5807"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.9.8"},{"introduced":"4.5.1"},{"fixed":"4.6.0"}]}}],"versions":["4.5.1","4.5.2","4.5.3","4.6.0","4.6.1","4.6.2","4.6.3","5.0.0","5.0.1","5.0.2","5.0.2dr4","5.0.2rc1","5.0.3","5.0.3dr1","5.0.3dr2","5.0.3dr3","5.0.3rc1","5.0.4","5.1.0","5.1.0dr1","5.1.0dr2","5.1.0rc1","5.1.1","5.1.1dr1","5.1.1dr2","5.1.1dr3","5.1.1dr4","5.1.1rc1","5.1.2","5.1.2.dr2","5.1.2dr1","5.1.2dr3","5.1.2rc1","5.1.2rc2","5.1.3","5.1.3dr1","5.1.3rc1","5.2.0","5.2.0dr1","5.2.0dr2","5.2.0dr3","5.2.0dr4","5.2.0dr5","5.2.0dr6","5.2.0rc1","5.2.1","5.2.1dr1","5.2.1rc1","5.2.2","5.2.2dr1","5.2.2rc1","5.3.0","5.3.0dr1","5.3.0rc1","5.3.1","5.3.1dr1","5.3.1rc1","5.3.2","5.3.3","5.3.3dr1","5.3.3dr3","5.3.3dr4","5.3.3dr5","5.3.3dr6","5.3.3rc2","5.3.4","5.3.4dr1","5.3.4dr2","5.3.4dr3","5.3.4rc1","5.3.5","5.4.0","5.4.0dr1","5.4.0dr2","5.4.0dr3","5.4.0dr4","5.4.0dr5","5.4.0dr6","5.4.0dr7","5.4.0dr8","5.4.0rc1","5.4.1dr1","5.4.1dr2","5.4.1dr3","5.4.1dr4","5.5.0","5.5.0dr1","5.5.0rc1","5.5.1","5.5.1dr1","5.5.1dr2","5.5.1dr3","5.5.1dr4","5.5.1dr5","5.5.1rc1","5.5.1rc2","5.5.2","5.5.2dr1","5.5.2dr2","5.5.2dr3","5.5.2dr4","5.5.2dr5","5.5.2dr6","5.5.2dr7","5.5.2rc1","5.5.3","5.5.3dr1","5.5.3dr2","5.6.0","5.6.0dr1","5.6.0dr2","5.6.0dr3","5.6.0dr4","5.6.0rc1","5.6.0rc2","5.6.1","5.6.1dr1","5.6.1dr2","5.6.1dr3","5.6.1rc1","5.6.2","5.6.2dr1","5.6.2dr2","5.6.2dr3","5.6.2dr4","5.6.2rc1","5.6.3","5.6.3dr1","5.6.3dr2","5.6.3rc1","5.7.0","5.7.0dr1","5.7.0dr2","5.7.0dr3","5.7.0dr4","5.7.0dr5","5.7.0dr6","5.7.0dr8","5.7.0rc1","5.7.0rc2","5.7.1","5.7.2","5.7.2dr1","5.7.2dr2","5.7.2dr3","5.7.2dr4","5.7.2rc1","5.8.0","5.8.0dr2","5.8.0rc1","5.8.1","5.8.1dr1","5.8.1rc2","5.8.2","5.8.2dr1","5.8.2dr2","5.8.2rc1","5.8.2rc2","5.8.3","5.8.3rc1","5.8.4","5.9.0","5.9.0dr1","5.9.0dr2","5.9.0rc1","5.9.1","5.9.1dr1","5.9.1rc1","5.9.2","5.9.2dr1","5.9.2dr2","5.9.2rc1","5.9.2rc2","5.9.3","5.9.3dr1","5.9.3dr2","5.9.3dr3","5.9.3dr4","5.9.3rc1","5.9.4","5.9.4dr1","5.9.4dr2","5.9.4dr3","5.9.4rc1","5.9.5","5.9.5dr1","5.9.5dr2","5.9.5dr3","5.9.5dr4","5.9.5rc1","5.9.6","5.9.6rc1","5.9.7","5.9.7dr1","5.9.7dr2","5.9.7rc1","5.9.8dr1","5.9.8dr2","5.9.8dr3","5.9.8dr4","5.9.8rc1","android-2.3.3","android-2.3.3-1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T01:27:59Z","vanir_signatures":[{"digest":{"function_hash":"329727258632254325996888576331228235748","length":15429},"id":"CVE-2022-40617-104497a8","signature_type":"Function","signature_version":"v1","source":"https://github.com/strongswan/strongswan/commit/72a1b2e3089ca3814a7741fb162620b7215e5807","deprecated":false,"target":{"function":"main","file":"src/scepclient/scepclient.c"}},{"digest":{"line_hashes":["318372487100592807782603248850652055128","191378964250929219076766640186664879089","227279917454857959696357758482079942948","289397897288950579549925744982889855308","330694031509858495146969201303390442159","308924465538952239986027488632480257694","3515372627853317527205167152503058613","195676375774350054415641798506347782068","282725140310445569506232913983604477491","82769793694550156531495484439774477454","155781169334603343811059365732274395351"],"threshold":0.9},"id":"CVE-2022-40617-c66752c8","signature_type":"Line","signature_version":"v1","source":"https://github.com/strongswan/strongswan/commit/72a1b2e3089ca3814a7741fb162620b7215e5807","deprecated":false,"target":{"file":"src/scepclient/scepclient.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"22.04"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"3.11.1"},{"fixed":"3.11.20"}]},{"events":[{"introduced":"4.3.1"},{"fixed":"4.3.15"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40617.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}