Libreswan

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.23%
  • Published 12.06.2019 14:29:02
  • Last modified 21.11.2024 04:18:32

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check v...

Exploit
  • EPSS 0.54%
  • Published 24.05.2019 14:29:00
  • Last modified 21.11.2024 04:22:36

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expecte...

  • EPSS 0.89%
  • Published 13.06.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

  • EPSS 0.95%
  • Published 16.06.2016 14:59:51
  • Last modified 12.04.2025 10:46:40

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 ...

  • EPSS 0.97%
  • Published 18.04.2016 14:59:02
  • Last modified 12.04.2025 10:46:40

Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.

  • EPSS 1.2%
  • Published 09.11.2015 16:59:01
  • Last modified 12.04.2025 10:46:40

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet.

  • EPSS 0.59%
  • Published 01.07.2015 14:59:08
  • Last modified 12.04.2025 10:46:40

libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

  • EPSS 0.89%
  • Published 26.01.2014 20:55:05
  • Last modified 11.04.2025 00:51:21

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

Exploit
  • EPSS 0.9%
  • Published 16.01.2014 05:05:26
  • Last modified 11.04.2025 00:51:21

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.

Exploit
  • EPSS 0.33%
  • Published 09.01.2014 18:07:29
  • Last modified 11.04.2025 00:51:21

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.