SECURITYWEEK reports a high-severity vulnerability in StrongSwan’s EAP-TTLS AVP parser that could be exploited remotely and without authentication to take VPN services offline. The flaw is an integer underflow affecting StrongSwan releases from 4.5.0 through 6.0.4, caused by the parser not validating AVP length values, which can trigger a 32-bit underflow when length values are between 0 and 7.
Attackers can cause resource exhaustion and, in some cases, a null-pointer dereference leading to a segmentation fault that crashes the charon IKE daemon. According to the NIST advisory, successful exploitation requires a two-phase attack: a malicious packet corrupts the heap, then a second packet triggers the segmentation fault. The issue was addressed in StrongSwan version 6.0.5, which adds validation of AVP length values during parsing.
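The length-underflow pattern described above, as an added illustration that is not StrongSwan's own code: an unchecked payload-size computation next to a validating variant. The 8-byte AVP header layout (4-byte code, 1-byte flags, 3-byte length that includes the header) is an assumption made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed AVP header layout for this illustration:
 * bytes 0-3 code, byte 4 flags, bytes 5-7 big-endian length (covers header). */
#define AVP_HDR_LEN 8u

/* Read the 24-bit big-endian length field from an AVP header. */
static uint32_t avp_length(const uint8_t *hdr) {
    return ((uint32_t)hdr[5] << 16) | ((uint32_t)hdr[6] << 8) | hdr[7];
}

/* Unchecked computation of the payload size, the defect class the text
 * describes: a length field of 0..7 makes len - 8 wrap around in 32 bits
 * to a huge value, which later code may trust as a buffer size. */
uint32_t avp_data_len_unchecked(const uint8_t *hdr) {
    return avp_length(hdr) - AVP_HDR_LEN;
}

/* Hardened variant: reject a length smaller than the header itself or
 * larger than the bytes actually present. Returns 0 on success, -1 on a
 * malformed header; *out receives the payload length only on success. */
int avp_data_len_checked(const uint8_t *buf, size_t buflen, uint32_t *out) {
    if (buflen < AVP_HDR_LEN)
        return -1;                      /* truncated header */
    uint32_t len = avp_length(buf);
    if (len < AVP_HDR_LEN || len > buflen)
        return -1;                      /* would underflow or overrun */
    *out = len - AVP_HDR_LEN;
    return 0;
}
```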