CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38712 – libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
https://notcve.org/view.php?id=CVE-2023-38712
25 Aug 2023 — An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga útil Delete/Notify seguid... • https://github.com/libreswan/libreswan/tags • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2020-1763 – libreswan: DoS attack via malicious IKEv1 informational exchange message
https://notcve.org/view.php?id=CVE-2020-1763
12 May 2020 — An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paque... • https://bugzilla.redhat.com/show_bug.cgi?id=1813329 • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
12 Jun 2019 — The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las... • https://access.redhat.com/errata/RHSA-2019:3391 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12312 – libreswan: null-pointer dereference by sending two IKEv2 packets
https://notcve.org/view.php?id=CVE-2019-12312
24 May 2019 — In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan. En Libreswan versión anterior a 3.28, un fallo de aserción puede llevar a un ... • http://www.iwantacve.cn/index.php/archives/218 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5391
https://notcve.org/view.php?id=CVE-2016-5391
13 Jun 2017 — libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Libreswan anterior a la 3.18 permite a un atacante remoto provocar una denegación de servicio (desreferencia a un puntero NULL y reinicio del daemon pluto). • https://bugzilla.redhat.com/show_bug.cgi?id=1356183 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5361 – IKEv1 protocol is vulnerable to DoS amplification attack
https://notcve.org/view.php?id=CVE-2016-5361
16 Jun 2016 — programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. programs/pluto/ikev1.c en libres... • http://rhn.redhat.com/errata/RHSA-2016-2603.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-3071
https://notcve.org/view.php?id=CVE-2016-3071
18 Apr 2016 — Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. Libreswan 3.16 podría permitir a atacantes remotos provocar una denegación de servicio (reinicio del demonio) a través de una tranformación de IKEv2 aes_xcbc. • http://download.libreswan.org/CHANGES • CWE-20: Improper Input Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3240 – openswan: denial of service via IKE daemon restart when receiving a bad DH gx value
https://notcve.org/view.php?id=CVE-2015-3240
04 Nov 2015 — The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet. El demonio pluto IKE en libreswan en versiones anteriores a 3.15 y Openswan en versiones anteriores a 2.6.45, cuando ha sido construido con NSS, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y reinicio de demonio) a través de un valo... • http://rhn.redhat.com/errata/RHSA-2015-1979.html • CWE-189: Numeric Errors CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3204 – libreswan: crafted IKE packet causes daemon restart
https://notcve.org/view.php?id=CVE-2015-3204
23 Jun 2015 — libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. libreswan 3.9 hasta 3.12 permite a atacantes remotos causar una denegación de servicio (reinicio de demonio) a través de un paquete IKEv1 con (1) bits no asignados configurados en el valor IPSEC DOI o (2) el valor del próxima carga útil configurado en ISAKMP_NEXT_SAK. A flaw was discovere... • http://rhn.redhat.com/errata/RHSA-2015-1154.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-6467
https://notcve.org/view.php?id=CVE-2013-6467
26 Jan 2014 — Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Libreswan v3.7 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y reinicio del demonio IKE) a través de paquetes IKEv2 que cuenten con payloads esperados. • http://osvdb.org/102172 •