7.5

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibreswanLibreswan Version >= 3.27 <= 3.31
LibreswanLibreswan Version3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.29% 0.869
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
Third Party Advisory
US Government Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1813329
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
Third Party Advisory
Issue Tracking
https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
Patch
Third Party Advisory
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
Patch
Vendor Advisory
https://security.gentoo.org/glsa/202007-21
Third Party Advisory
https://www.debian.org/security/2020/dsa-4684
Third Party Advisory