CVE-2026-25075

Publication date 23 March 2026

Last updated 23 March 2026

Ubuntu priority

Description

Integer Underflow When Handling EAP-TTLS AVP. A vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs was discovered in strongSwan that can result in resource exhaustion or a crash. All versions since 4.5.0 are affected.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
strongswan	25.10 questing	Fixed 6.0.1-6ubuntu4.2
	24.04 LTS noble	Fixed 5.9.13-2ubuntu4.24.04.2
	22.04 LTS jammy	Fixed 5.9.5-2ubuntu2.5
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-8117-1
strongSwan vulnerability
23 March 2026

Other references

https://www.cve.org/CVERecord?id=CVE-2026-25075