7.5
CVE-2026-12413
- EPSS 0.6%
- Veröffentlicht 02.07.2026 21:19:22
- Zuletzt bearbeitet 08.07.2026 18:52:42
- Quelle d42dc95b-23f1-4e06-9076-20753a
- CVE-Watchlists
- Unerledigt
IKEv2 Denial of Service via malformed fragmentation
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.443 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| d42dc95b-23f1-4e06-9076-20753a0fb0df | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://libreswan.org/security/CVE-2026-12413/
https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt