CVE-2020-1763

libreswan: DoS attack via malicious IKEv1 informational exchange message

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paquetes IKEv1 Informational Exchange especialmente diseñados. El demonio reaparece después del bloqueo.

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-11-27 CVE Reserved
2020-05-12 CVE Published
2024-08-04 CVE Updated
2024-10-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (10)

URL	Tag	Source
https://bugzilla.redhat.com/show_bug.cgi?id=1813329	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763	Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8	2023-11-07
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt	2023-11-07

URL	Date	SRC
https://security.gentoo.org/glsa/202007-21	2023-11-07
https://www.debian.org/security/2020/dsa-4684	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-1763	2020-05-12
https://bugzilla.redhat.com/show_bug.cgi?id=1814541	2020-05-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libreswan Search vendor "Libreswan"		Libreswan Search vendor "Libreswan" for product "Libreswan"				>= 3.27 <= 3.31 Search vendor "Libreswan" for product "Libreswan" and version " >= 3.27 <= 3.31"		-		Affected
Libreswan Search vendor "Libreswan"		Libreswan Search vendor "Libreswan" for product "Libreswan"				3.5 Search vendor "Libreswan" for product "Libreswan" and version "3.5"		-		Affected