A critical vulnerability in StrongSwan VPN software allows unauthenticated attackers to remotely crash VPN connections through an integer underflow flaw. The vulnerability affects StrongSwan releases spanning 15 years, indicating a long-standing security issue in the widely-used open-source IPsec VPN solution.
The flaw is remotely exploitable, meaning attackers can trigger denial-of-service conditions without requiring authentication or local access to targeted systems. This significantly lowers the barrier for exploitation and increases the potential impact on organizations relying on StrongSwan for secure communications.