user/strongswan (5.8.4): CVE-2021-45079: Incorrect Handling of Early EAP-Success Messages
https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
Zhuowei Zhang reported a bug in the EAP authentication client code that may allow bypassing the client and, in some scenarios, even the server authentication, or could lead to a denial-of-service attack.

Incorrect Handling of Early EAP-Success Messages
When using EAP authentication (RFC 3748), the successful completion of the authentication is indicated by an EAP-Success message sent by the server to the client. strongSwan's EAP client code handled early EAP-Success messages incorrectly, either crashing the IKE daemon or concluding the EAP method prematurely, leading to varying outcomes depending on the configuration. Affected are all strongSwan versions since 4.1.2, depending on the configuration.
CVE-2021-45079 has been assigned for this vulnerability.
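
The check that the description above implies, as an added example (not strongSwan's code and not the upstream patch): a client accepts EAP-Success only after a method has started and finished successfully, and tolerates a Success that arrives before any method state exists. The type names, the function name and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EAP codes from RFC 3748 */
enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4 };

/* Hypothetical names, not strongSwan's: what the running method has decided so far */
typedef enum { DECISION_FAIL, DECISION_SUCC } decision_t;
typedef enum { EAP_DISCARD, EAP_CONTINUE, EAP_AUTHENTICATED, EAP_FAILED } verdict_t;

typedef struct {
    int method_started;   /* 0 until a method has processed its first Request */
    decision_t decision;  /* stays FAIL until the method itself has finished successfully */
} eap_peer_t;

/* Classify one raw EAP packet received by the client (peer). */
verdict_t eap_peer_classify(const eap_peer_t *peer, const uint8_t *pkt, size_t len)
{
    size_t declared;

    if (peer == NULL || pkt == NULL || len < 4)
        return EAP_DISCARD;                      /* shorter than the fixed header */
    declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < 4 || declared > len)
        return EAP_DISCARD;                      /* Length field disagrees with the buffer */
    switch (pkt[0]) {
    case EAP_SUCCESS:
        /* Early EAP-Success: no method ran yet, or it has not completed successfully. */
        if (!peer->method_started || peer->decision == DECISION_FAIL)
            return EAP_DISCARD;
        return EAP_AUTHENTICATED;
    case EAP_FAILURE:
        return EAP_FAILED;
    case EAP_REQUEST:
        return declared >= 5 ? EAP_CONTINUE : EAP_DISCARD;   /* needs a Type octet */
    default:
        return EAP_DISCARD;                      /* a peer does not process Responses */
    }
}

int main(void)
{
    const uint8_t success[] = { EAP_SUCCESS, 7, 0, 4 };   /* constructed sample packet */
    eap_peer_t fresh = { 0, DECISION_FAIL }, done = { 1, DECISION_SUCC };

    printf("early: %d, after method: %d\n",
           (int)eap_peer_classify(&fresh, success, sizeof success),
           (int)eap_peer_classify(&done, success, sizeof success));
    return 0;
}
```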