CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38712 – libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
https://notcve.org/view.php?id=CVE-2023-38712
25 Aug 2023 — An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga útil Delete/Notify seguid... • https://github.com/libreswan/libreswan/tags • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1763 – libreswan: DoS attack via malicious IKEv1 informational exchange message
https://notcve.org/view.php?id=CVE-2020-1763
12 May 2020 — An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paque... • https://bugzilla.redhat.com/show_bug.cgi?id=1813329 • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
12 Jun 2019 — The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las... • https://access.redhat.com/errata/RHSA-2019:3391 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12312 – libreswan: null-pointer dereference by sending two IKEv2 packets
https://notcve.org/view.php?id=CVE-2019-12312
24 May 2019 — In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. En Libreswan versión anterior a 3.28, un fallo de aserción puede llevar a un ... • http://www.iwantacve.cn/index.php/archives/218 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5391
https://notcve.org/view.php?id=CVE-2016-5391
13 Jun 2017 — libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Libreswan anterior a la 3.18 permite a un atacante remoto provocar una denegación de servicio (desreferencia a un puntero NULL y reinicio del daemon pluto). • https://bugzilla.redhat.com/show_bug.cgi?id=1356183 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5361 – IKEv1 protocol is vulnerable to DoS amplification attack
https://notcve.org/view.php?id=CVE-2016-5361
16 Jun 2016 — programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. programs/pluto/ikev1.c en libres... • http://rhn.redhat.com/errata/RHSA-2016-2603.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2013-6467
https://notcve.org/view.php?id=CVE-2013-6467
26 Jan 2014 — Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Libreswan v3.7 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y reinicio del demonio IKE) a través de paquetes IKEv2 que cuenten con payloads esperados. • http://osvdb.org/102172 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2013-7294
https://notcve.org/view.php?id=CVE-2013-7294
16 Jan 2014 — The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. La función ikev2parent_inI1outR1 en pluto/ikev2_parent.c de libreswan antes de 3.7 permite a atacantes remotos provocar una denegación de servicio (reinicio) a través de una notificación por IKEv2 I1 sin datos KE. • http://secunia.com/advisories/56276 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-7283
https://notcve.org/view.php?id=CVE-2013-7283
09 Jan 2014 — Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file. Condición de carrera en archivos libreswan.spec para paquetes de Red Hat Enterprise Linux (RHEL) y Fedora en libreswan 3.6 tiene un impacto y vectores de ataque no especificados, involucrando el archivo temporal /var/tmp/libreswan-nss-pwd. • http://secunia.com/advisories/56276 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2013-4564
https://notcve.org/view.php?id=CVE-2013-4564
07 Jan 2014 — Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. Libreswan 3.6 permite a atacantes remotos causar denegación de servicio (caída) a través de un valor de longitud pequeño y (1) ninguna versión o (2) un número mayor inválido en un paquete IKE. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html • CWE-189: Numeric Errors •