CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las claves de integridad y cifrado IKE SA establecidas, pero como receptor, el valor de verificación de integridad no se verificó. Este problema afecta a las versiones anteriores a 3.29. A vulnerability was found in the Libreswan Project. • https://access.redhat.com/errata/RHSA-2019:3391 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS https://access.redhat.com/security/cve/CVE-2019-10155 https://bugzilla.redhat.com/show_bug.cgi?id=1714141 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12312 – libreswan: null-pointer dereference by sending two IKEv2 packets
https://notcve.org/view.php?id=CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. En Libreswan versión anterior a 3.28, un fallo de aserción puede llevar a un reinicio del componente pluto IKE daemon. Un atacante puede iniciar una desreferencia de puntero NULL enviando dos paquetes IKEv2 (init_IKE y delete_IKE) en modo 3des_cbc a un servidor Libreswan. • http://www.iwantacve.cn/index.php/archives/218 https://github.com/libreswan/libreswan/compare/9b1394e...3897683 https://github.com/libreswan/libreswan/issues/246 https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch https://access.redhat.com/security/cve/CVE-2019-12312 https://bugzilla.redhat.com/show_bug.cgi?id=1716918 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •