{"id":"CVE-2022-4967","details":"strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).","modified":"2026-04-11T23:22:45.672885Z","published":"2024-05-14T11:57:00.550Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240614-0006/"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-4967"},{"type":"ADVISORY","url":"https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html"},{"type":"FIX","url":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strongswan/strongswan","events":[{"introduced":"87ba3a424deeab24f84777b712183f904ca9e0ac"},{"fixed":"4cf8cd0321fbc93098b588991b3a6ab5edf823bb"},{"fixed":"e4b4aabc4996fc61c37deab7858d07bc4d220136"}],"database_specific":{"versions":[{"introduced":"5.9.2"},{"fixed":"5.9.6"}]}}],"versions":["5.9.2","5.9.3","5.9.3dr1","5.9.3dr2","5.9.3dr3","5.9.3dr4","5.9.3rc1","5.9.4","5.9.4dr1","5.9.4dr2","5.9.4dr3","5.9.4rc1","5.9.5","5.9.5dr1","5.9.5dr2","5.9.5dr3","5.9.5dr4","5.9.5rc1","5.9.6rc1","android-2.3.3","android-2.3.3-1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:22:45Z","vanir_signatures":[{"digest":{"function_hash":"229327423693068019333482254977440631366","length":1629},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"send_key_exchange_encrypt","file":"src/libtls/tls_peer.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-1a12fff4"},{"digest":{"function_hash":"40996807859007373074460075075838764263","length":585},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"tls_find_public_key","file":"src/libtls/tls_server.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-598d9ae1"},{"digest":{"function_hash":"10058219289210136812147994005291638990","length":812},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"process_cert_verify","file":"src/libtls/tls_server.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-5eec59fb"},{"digest":{"function_hash":"252755643761933897749899606010188678882","length":820},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"process_cert_verify","file":"src/libtls/tls_peer.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-97dbeaad"},{"digest":{"function_hash":"216694263043041037499179477589224375067","length":1942},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"process_modp_key_exchange","file":"src/libtls/tls_peer.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-b7a2fe35"},{"digest":{"function_hash":"118434765318832376156361802437971748377","length":2717},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"function":"process_ec_key_exchange","file":"src/libtls/tls_peer.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2022-4967-de723e7c"},{"digest":{"threshold":0.9,"line_hashes":["229400809894567376555921683802648030370","224893881739257184856010924054928237201","332345852565583412669789961522385218175","9063154467130130065658916835352025303","217507570939720489052883851071055495599","311738739724082187616704889031676639100","52385069922578192468510523726254989248","227818797753182964353371269131837265845","89522631616381438168524258764928273746","77300050891222599619603736940655119474","127863257509405125426456340302296568470","8468002517573446442019565981308043882","82232005207467064140640778972187898221","77300050891222599619603736940655119474","127863257509405125426456340302296568470","8468002517573446442019565981308043882","89522631616381438168524258764928273746","77300050891222599619603736940655119474","127863257509405125426456340302296568470","8468002517573446442019565981308043882"]},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"file":"src/libtls/tls_peer.c"},"signature_type":"Line","signature_version":"v1","id":"CVE-2022-4967-f20242b8"},{"digest":{"threshold":0.9,"line_hashes":["78515405905118962559508779596501436965","17833456349906317718900164075029167902","306932862811193668079133993590605667217","169075892614574621953335468159410888208","51704737262552831804433348024332176187","195325518392457070668088786390150896718","56071113674080884090147510379863010314","256940141627077002244184166511049376041","249757746048041252117052894885411958317","134427150802605942791448424993548135032","337209709849843004341933797566995272448","63032851982266000158574236282466886001","105357985101231697501845586005123878282"]},"deprecated":false,"source":"https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136","target":{"file":"src/libtls/tls_server.c"},"signature_type":"Line","signature_version":"v1","id":"CVE-2022-4967-fecf3d0f"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4967.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}