CVE-2016-3071

EPSS 0.97%
Published 18.04.2016 14:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Libreswan ≫ Libreswan Version3.16

Fedoraproject ≫ Fedora Version23

Fedoraproject ≫ Fedora Version24

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.97%	0.757

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download.libreswan.org/CHANGES

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182050.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182130.html

http://www.securityfocus.com/bid/87295

https://libreswan.org/security/CVE-2016-3071/CVE-2016-3071.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-3071

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3071

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3071

EUVD