Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    49 vulnerabilities found for libreswan by libreswan

    CVE-2026-50722 (GCVE-0-2026-50722)

    Vulnerability from nvd – Published: 2026-07-02 21:34 – Updated: 2026-07-07 17:02
    VLAI
    Title
    IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload
    Summary
    Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-617 - Reachable Assertion
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 0 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Yeonghyeon Choi Duyeong Kim Andrew Cagney (The Libreswan Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:19.317302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:02:06.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libreswan/libreswan",
              "defaultStatus": "unaffected",
              "packageName": "libreswan",
              "product": "libreswan",
              "programRoutines": [
                {
                  "name": "RSA_authenticate_hash_signature_pkcs1_1_5_rsa"
                }
              ],
              "repo": "https://github.com/libreswan/libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Any server or client that accepts RSA-based IKEv2 connections via the default authby= settings is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv2 by default allows ECDSA, RSA-SSA-PSS, and RSA PKCS#1 1.5 as fallback due to Microsoft Windows not supporting RSASSA-PSS."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeonghyeon Choi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Duyeong Kim"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Andrew Cagney (The Libreswan Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLibreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv2 configuration using default authby= settings that permit RSA PKCS#1 v1.5 fallback."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-463",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 AUTH payloads"
                }
              ]
            },
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Weak RSA exponent (e=3) in use, enabling Bleichenbacher signature forgery"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617: Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:34:41.413Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory CVE-2026-50722",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
            },
            {
              "name": "Libreswan CVE-2026-50722 Patches",
              "tags": [
                "patch"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/"
            },
            {
              "name": "Related: CVE-2026-50721 (IKEv1 variant)",
              "tags": [
                "related"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
            },
            {
              "name": "RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2",
              "tags": [
                "technical-description"
              ],
              "url": "https://www.rfc-editor.org/rfc/rfc8017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at \u003ca href=\"https://libreswan.org/security/CVE-2026-50722/\"\u003ehttps://libreswan.org/security/CVE-2026-50722/\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50722/"
            }
          ],
          "source": {
            "defects": [
              "CVE-2026-50722"
            ],
            "discovery": "EXTERNAL"
          },
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "maps to",
                  "relationshipValue": "Application or System Exploitation (DoS)",
                  "taxonomyId": "T1499.004"
                }
              ],
              "taxonomyVersion": "15.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-24T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf Windows support is not needed, configure \u003ccode\u003eauthby=ecdsa\u003c/code\u003e or \u003ccode\u003eauthby=rsa-sha2\u003c/code\u003e (or both via \u003ccode\u003eauthby=ecdsa,rsa-sha2\u003c/code\u003e) to disallow the fallback of RSA PKCS#1 1.5. The \u003ccode\u003eleftauth=\u003c/code\u003e and \u003ccode\u003erightauth=\u003c/code\u003e settings can be updated similarly if those are in use instead of \u003ccode\u003eauthby\u003c/code\u003e.\u003c/p\u003e"
                }
              ],
              "value": "If Windows support is not needed, configure authby=ecdsa or authby=rsa-sha2 (or both via authby=ecdsa,rsa-sha2) to disallow the fallback of RSA PKCS#1 1.5. The leftauth= and rightauth= settings can be updated similarly if those are in use instead of authby."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-50722",
        "datePublished": "2026-07-02T21:34:41.413Z",
        "dateReserved": "2026-06-05T16:10:05.751Z",
        "dateUpdated": "2026-07-07T17:02:06.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50721 (GCVE-0-2026-50721)

    Vulnerability from nvd – Published: 2026-07-02 21:44 – Updated: 2026-07-07 17:01
    VLAI
    Title
    IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload
    Summary
    Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-617 - Reachable Assertion
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 0 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Yeonghyeon Choi Duyeong Kim Andrew Cagney (The Libreswan Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:17.199605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:01:58.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libreswan/libreswan",
              "defaultStatus": "unaffected",
              "packageName": "libreswan",
              "product": "libreswan",
              "programRoutines": [
                {
                  "name": "RSA_authenticate_hash_signature_raw_rsa"
                }
              ],
              "repo": "https://github.com/libreswan/libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Any server or client that accepts RSA-based IKEv1 connections via the default authby=rsasig option is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) for public key authentication, so the vulnerable code path cannot be disabled without migrating to IKEv2 or switching to PSK."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeonghyeon Choi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Duyeong Kim"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Andrew Cagney (The Libreswan Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLibreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv1 configuration using the default authby=rsasig option."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-463",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 SIG payloads in IKEv1"
                }
              ]
            },
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Weak RSA exponent (e=3) in use, enabling Bleichenbacher signature forgery"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617: Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:44:09.423Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory CVE-2026-50721",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
            },
            {
              "name": "Libreswan CVE-2026-50721 Patches",
              "tags": [
                "patch"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/"
            },
            {
              "name": "Related: CVE-2026-50722 (IKEv2 variant)",
              "tags": [
                "related"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
            },
            {
              "name": "RFC 2313 - PKCS #1: RSA Encryption Version 1.5",
              "tags": [
                "technical-description"
              ],
              "url": "https://www.rfc-editor.org/rfc/rfc2313"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at \u003ca href=\"https://libreswan.org/security/CVE-2026-50721/\"\u003ehttps://libreswan.org/security/CVE-2026-50721/\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50721/"
            }
          ],
          "source": {
            "defects": [
              "CVE-2026-50721"
            ],
            "discovery": "EXTERNAL"
          },
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "maps to",
                  "relationshipValue": "Application or System Exploitation (DoS)",
                  "taxonomyId": "T1499.004"
                }
              ],
              "taxonomyVersion": "15.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-24T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) with public key authentication, so there is no way to disable the vulnerable code path within IKEv1. Migrate IKEv1 connections to IKEv2 where \u003ccode\u003eauthby=ecdsa\u003c/code\u003e or \u003ccode\u003eauthby=rsa-sha2\u003c/code\u003e can be configured. For static tunnel configurations (not Remote Access VPN Client groups), authentication can be changed to use PSK via \u003ccode\u003eauthby=secret\u003c/code\u003e after coordination with the remote peer.\u003c/p\u003e"
                }
              ],
              "value": "IKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) with public key authentication, so there is no way to disable the vulnerable code path within IKEv1. Migrate IKEv1 connections to IKEv2 where authby=ecdsa or authby=rsa-sha2 can be configured. For static tunnel configurations (not Remote Access VPN Client groups), authentication can be changed to use PSK via authby=secret after coordination with the remote peer."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-50721",
        "datePublished": "2026-07-02T21:44:09.423Z",
        "dateReserved": "2026-06-05T16:10:05.751Z",
        "dateUpdated": "2026-07-07T17:01:58.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12413 (GCVE-0-2026-12413)

    Vulnerability from nvd – Published: 2026-07-02 21:19 – Updated: 2026-07-07 17:02
    VLAI
    Title
    IKEv2 Denial of Service via malformed fragmentation
    Summary
    An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 4.6 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Hu Xinyao
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:21.499364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:02:12.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hu Xinyao"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md-\u003edigest_roof \u003c elemsof(md-\u003edigest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity. The daemon automatically restarts after the crash, requiring continued exploitation for sustained denial of service.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:19:22.177Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory",
              "url": "https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt"
            },
            {
              "name": "Libreswan CVE-2026-12413 Patches",
              "url": "https://libreswan.org/security/CVE-2026-12413/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv2 Denial of Service via malformed fragmentation",
          "workarounds": [
            {
              "lang": "en",
              "value": "If fragmentation is not needed, fragmentation=no can be added to all IKEv2 configurations. If fragmentation is needed, no workaround is possible and the fix needs to be applied."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-12413",
        "datePublished": "2026-07-02T21:19:22.177Z",
        "dateReserved": "2026-06-16T15:52:12.674Z",
        "dateUpdated": "2026-07-07T17:02:12.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3652 (GCVE-0-2024-3652)

    Vulnerability from nvd – Published: 2024-04-11 01:32 – Updated: 2026-02-27 15:19
    VLAI
    Title
    IKEv1 default AH/ESP responder can cause libreswan to abort and restart
    Summary
    The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project (www.libreswan.org) libreswan Affected: 3.22 , ≤ 4.14 (semver)
    Unaffected: 5.0
    Create a notification for this product.
    Date Public
    2024-04-12 21:00
    Credits
    github user X1AOxiang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3652",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T17:26:47.015453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T15:19:48.988Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:19:59.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CVE-2024-3652",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2024-3652"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libreswan",
              "vendor": "The Libreswan Project (www.libreswan.org)",
              "versions": [
                {
                  "lessThanOrEqual": "4.14",
                  "status": "affected",
                  "version": "3.22",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.0"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "The vulnerability can only be triggered for connections with ikev2=no that do not specify an esp= option."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "github user X1AOxiang"
            }
          ],
          "datePublic": "2024-04-12T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan\u0027s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T17:10:23.219Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "CVE-2024-3652",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2024-3652"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in 4.15 and all later versions."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-24T00:00:00.000Z",
              "value": "Issue reported publicly by github user X1AOxiang via https://github.com/libreswan/libreswan/issues/1665"
            },
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Fix published in commit 03caa63de1e3 (as issue was already public via githb issue)"
            },
            {
              "lang": "en",
              "time": "2024-04-10T00:00:00.000Z",
              "value": "Advanced notice given to support customers and distributions"
            },
            {
              "lang": "en",
              "time": "2024-04-12T00:00:00.000Z",
              "value": "CVE-2024-3652 published"
            }
          ],
          "title": "IKEv1 default AH/ESP responder can cause libreswan to abort and restart",
          "workarounds": [
            {
              "lang": "en",
              "value": "As a workaround, adding an esp= line to all IKEv1 connections works around the issue. An example covering most common default configurations would be: esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2024-3652",
        "datePublished": "2024-04-11T01:32:13.433Z",
        "dateReserved": "2024-04-11T01:28:41.331Z",
        "dateUpdated": "2026-02-27T15:19:48.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38712 (GCVE-0-2023-38712)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-08-02 17:46
    VLAI
    Summary
    An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38712/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:31:56.483Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38712/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38712",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T17:46:56.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38711 (GCVE-0-2023-38711)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-08-02 17:46
    VLAI
    Summary
    An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T19:44:03.355698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T19:44:10.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38711/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:30:07.355Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38711/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38711",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T17:46:56.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38710 (GCVE-0-2023-38710)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-11-26 21:53
    VLAI
    Summary
    An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38710/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-18T17:07:09.396495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T21:53:27.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload\u0027s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:28:53.862Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38710/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38710",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-11-26T21:53:27.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30570 (GCVE-0-2023-30570)

    Vulnerability from nvd – Published: 2023-05-28 00:00 – Updated: 2025-01-14 18:14
    VLAI
    Summary
    pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:14:34.147387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:14:42.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-30570",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-04-12T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:14:42.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2295 (GCVE-0-2023-2295)

    Vulnerability from nvd – Published: 2023-05-17 00:00 – Updated: 2025-01-22 18:25
    VLAI
    Summary
    A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a libreswan Affected: Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189777"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-2295"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3107"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3148"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2295",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T18:25:10.231021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-22T18:25:15.561Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 - Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-17T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189777"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2023-2295"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2023:3107"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2023:3148"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-2295",
        "datePublished": "2023-05-17T00:00:00.000Z",
        "dateReserved": "2023-04-26T00:00:00.000Z",
        "dateUpdated": "2025-01-22T18:25:15.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23009 (GCVE-0-2023-23009)

    Vulnerability from nvd – Published: 2023-02-21 00:00 – Updated: 2025-03-17 17:02
    VLAI
    Summary
    Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:39.782Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/954"
              },
              {
                "name": "DSA-5368",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5368"
              },
              {
                "name": "FEDORA-2023-a2348480cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/"
              },
              {
                "name": "FEDORA-2023-42ec148952",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T17:02:01.153244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:02:28.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-22T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/issues/954"
            },
            {
              "name": "DSA-5368",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5368"
            },
            {
              "name": "FEDORA-2023-a2348480cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/"
            },
            {
              "name": "FEDORA-2023-42ec148952",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23009",
        "datePublished": "2023-02-21T00:00:00.000Z",
        "dateReserved": "2023-01-11T00:00:00.000Z",
        "dateUpdated": "2025-03-17T17:02:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23094 (GCVE-0-2022-23094)

    Vulnerability from nvd – Published: 2022-01-15 01:37 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2022-23094"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/585"
              },
              {
                "name": "DSA-5048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5048"
              },
              {
                "name": "FEDORA-2022-a4bca77f88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
              },
              {
                "name": "FEDORA-2022-42e0892147",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-20T16:06:23.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://libreswan.org/security/CVE-2022-23094"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/issues/585"
            },
            {
              "name": "DSA-5048",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5048"
            },
            {
              "name": "FEDORA-2022-a4bca77f88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
            },
            {
              "name": "FEDORA-2022-42e0892147",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2022-23094",
                  "refsource": "MISC",
                  "url": "https://libreswan.org/security/CVE-2022-23094"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/issues/585",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/issues/585"
                },
                {
                  "name": "DSA-5048",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5048"
                },
                {
                  "name": "FEDORA-2022-a4bca77f88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
                },
                {
                  "name": "FEDORA-2022-42e0892147",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23094",
        "datePublished": "2022-01-15T01:37:32.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:43.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1763 (GCVE-0-2020-1763)

    Vulnerability from nvd – Published: 2020-05-12 13:41 – Updated: 2024-08-04 06:46
    VLAI
    Summary
    An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    the libreswan Project libreswan Affected: from versions 3.27 till 3.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:46:30.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
              },
              {
                "name": "DSA-4684",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4684"
              },
              {
                "name": "GLSA-202007-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-21"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "the libreswan Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "from versions 3.27 till 3.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T05:48:52.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
            },
            {
              "name": "DSA-4684",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4684"
            },
            {
              "name": "GLSA-202007-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-21"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-1763",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libreswan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from versions 3.27 till 3.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "the libreswan Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
                },
                {
                  "name": "DSA-4684",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4684"
                },
                {
                  "name": "GLSA-202007-21",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-21"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-1763",
        "datePublished": "2020-05-12T13:41:20.000Z",
        "dateReserved": "2019-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:46:30.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10155 (GCVE-0-2019-10155)

    Vulnerability from nvd – Published: 2019-06-12 13:51 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:09.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-10155/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
              },
              {
                "name": "FEDORA-2019-f7fb531958",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
              },
              {
                "name": "FEDORA-2019-1bd9cfb718",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
              },
              {
                "name": "RHSA-2019:3391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3391"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "the libreswan Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T00:07:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://libreswan.org/security/CVE-2019-10155/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
            },
            {
              "name": "FEDORA-2019-f7fb531958",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
            },
            {
              "name": "FEDORA-2019-1bd9cfb718",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
            },
            {
              "name": "RHSA-2019:3391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3391"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-10155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libreswan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.29"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "the libreswan Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-354"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2019-10155/",
                  "refsource": "MISC",
                  "url": "https://libreswan.org/security/CVE-2019-10155/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
                },
                {
                  "name": "FEDORA-2019-f7fb531958",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
                },
                {
                  "name": "FEDORA-2019-1bd9cfb718",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
                },
                {
                  "name": "RHSA-2019:3391",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3391"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-10155",
        "datePublished": "2019-06-12T13:51:01.000Z",
        "dateReserved": "2019-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:09.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12312 (GCVE-0-2019-12312)

    Vulnerability from nvd – Published: 2019-05-24 13:06 – Updated: 2024-08-04 23:17
    VLAI
    Summary
    In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:17:40.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.iwantacve.cn/index.php/archives/218/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/246"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-06T18:51:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.iwantacve.cn/index.php/archives/218/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/issues/246"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.iwantacve.cn/index.php/archives/218/",
                  "refsource": "MISC",
                  "url": "http://www.iwantacve.cn/index.php/archives/218/"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/issues/246",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/issues/246"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
                },
                {
                  "name": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
                },
                {
                  "name": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12312",
        "datePublished": "2019-05-24T13:06:41.000Z",
        "dateReserved": "2019-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:17:40.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5391 (GCVE-0-2016-5391)

    Vulnerability from nvd – Published: 2017-06-13 17:00 – Updated: 2024-08-06 01:00
    VLAI
    Summary
    libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:00:59.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2016-d46685629d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/"
              },
              {
                "name": "FEDORA-2016-26a03340e6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-13T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2016-d46685629d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/"
            },
            {
              "name": "FEDORA-2016-26a03340e6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356183"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-5391",
        "datePublished": "2017-06-13T17:00:00.000Z",
        "dateReserved": "2016-06-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:00:59.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-50721 (GCVE-0-2026-50721)

    Vulnerability from cvelistv5 – Published: 2026-07-02 21:44 – Updated: 2026-07-07 17:01
    VLAI
    Title
    IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload
    Summary
    Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-617 - Reachable Assertion
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 0 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Yeonghyeon Choi Duyeong Kim Andrew Cagney (The Libreswan Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:17.199605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:01:58.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libreswan/libreswan",
              "defaultStatus": "unaffected",
              "packageName": "libreswan",
              "product": "libreswan",
              "programRoutines": [
                {
                  "name": "RSA_authenticate_hash_signature_raw_rsa"
                }
              ],
              "repo": "https://github.com/libreswan/libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Any server or client that accepts RSA-based IKEv1 connections via the default authby=rsasig option is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) for public key authentication, so the vulnerable code path cannot be disabled without migrating to IKEv2 or switching to PSK."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeonghyeon Choi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Duyeong Kim"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Andrew Cagney (The Libreswan Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLibreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv1 configuration using the default authby=rsasig option."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-463",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 SIG payloads in IKEv1"
                }
              ]
            },
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Weak RSA exponent (e=3) in use, enabling Bleichenbacher signature forgery"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617: Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:44:09.423Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory CVE-2026-50721",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
            },
            {
              "name": "Libreswan CVE-2026-50721 Patches",
              "tags": [
                "patch"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/"
            },
            {
              "name": "Related: CVE-2026-50722 (IKEv2 variant)",
              "tags": [
                "related"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
            },
            {
              "name": "RFC 2313 - PKCS #1: RSA Encryption Version 1.5",
              "tags": [
                "technical-description"
              ],
              "url": "https://www.rfc-editor.org/rfc/rfc2313"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at \u003ca href=\"https://libreswan.org/security/CVE-2026-50721/\"\u003ehttps://libreswan.org/security/CVE-2026-50721/\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50721/"
            }
          ],
          "source": {
            "defects": [
              "CVE-2026-50721"
            ],
            "discovery": "EXTERNAL"
          },
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "maps to",
                  "relationshipValue": "Application or System Exploitation (DoS)",
                  "taxonomyId": "T1499.004"
                }
              ],
              "taxonomyVersion": "15.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-24T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) with public key authentication, so there is no way to disable the vulnerable code path within IKEv1. Migrate IKEv1 connections to IKEv2 where \u003ccode\u003eauthby=ecdsa\u003c/code\u003e or \u003ccode\u003eauthby=rsa-sha2\u003c/code\u003e can be configured. For static tunnel configurations (not Remote Access VPN Client groups), authentication can be changed to use PSK via \u003ccode\u003eauthby=secret\u003c/code\u003e after coordination with the remote peer.\u003c/p\u003e"
                }
              ],
              "value": "IKEv1 only supports RSA-SHA1 (PKCS#1 Version 1.5) with public key authentication, so there is no way to disable the vulnerable code path within IKEv1. Migrate IKEv1 connections to IKEv2 where authby=ecdsa or authby=rsa-sha2 can be configured. For static tunnel configurations (not Remote Access VPN Client groups), authentication can be changed to use PSK via authby=secret after coordination with the remote peer."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-50721",
        "datePublished": "2026-07-02T21:44:09.423Z",
        "dateReserved": "2026-06-05T16:10:05.751Z",
        "dateUpdated": "2026-07-07T17:01:58.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50722 (GCVE-0-2026-50722)

    Vulnerability from cvelistv5 – Published: 2026-07-02 21:34 – Updated: 2026-07-07 17:02
    VLAI
    Title
    IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload
    Summary
    Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    • CWE-617 - Reachable Assertion
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 0 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Yeonghyeon Choi Duyeong Kim Andrew Cagney (The Libreswan Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:19.317302Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:02:06.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/libreswan/libreswan",
              "defaultStatus": "unaffected",
              "packageName": "libreswan",
              "product": "libreswan",
              "programRoutines": [
                {
                  "name": "RSA_authenticate_hash_signature_pkcs1_1_5_rsa"
                }
              ],
              "repo": "https://github.com/libreswan/libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "Any server or client that accepts RSA-based IKEv2 connections via the default authby= settings is vulnerable to denial of service. Authentication bypass additionally requires the use of RSA keys with weak exponents (e=3). IKEv2 by default allows ECDSA, RSA-SSA-PSS, and RSA PKCS#1 1.5 as fallback due to Microsoft Windows not supporting RSASSA-PSS."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeonghyeon Choi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Duyeong Kim"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Andrew Cagney (The Libreswan Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eLibreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected.\u003c/p\u003e"
                }
              ],
              "value": "Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload when small public exponents are used (e.g., e=3), leading to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the AUTH payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of the remote IKE peer are not affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "No known exploitation in the wild. The authentication bypass requires the target to use RSA keys with weak exponents (e=3), which have been disallowed by most cryptographic libraries for at least a decade. The denial-of-service attack is exploitable against any IKEv2 configuration using default authby= settings that permit RSA PKCS#1 v1.5 fallback."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-463",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service via assertion failure in pluto daemon when processing malformed RSA PKCS#1 v1.5 AUTH payloads"
                }
              ]
            },
            {
              "capecId": "CAPEC-473",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authentication bypass via Bleichenbacher-style signature forgery when weak RSA exponents (e.g., e=3) are in use"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Weak RSA exponent (e=3) in use, enabling Bleichenbacher signature forgery"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity: Medium. Authentication bypass requires weak RSA exponents (e=3) which have been disallowed by most cryptographic libraries for over a decade. DoS is mitigated by automatic daemon restart.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617: Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:34:41.413Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory CVE-2026-50722",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
            },
            {
              "name": "Libreswan CVE-2026-50722 Patches",
              "tags": [
                "patch"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50722/"
            },
            {
              "name": "Related: CVE-2026-50721 (IKEv1 variant)",
              "tags": [
                "related"
              ],
              "url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
            },
            {
              "name": "RFC 8017 - PKCS #1: RSA Cryptography Specifications Version 2.2",
              "tags": [
                "technical-description"
              ],
              "url": "https://www.rfc-editor.org/rfc/rfc8017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at \u003ca href=\"https://libreswan.org/security/CVE-2026-50722/\"\u003ehttps://libreswan.org/security/CVE-2026-50722/\u003c/a\u003e\u003c/p\u003e"
                }
              ],
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org/security/CVE-2026-50722/"
            }
          ],
          "source": {
            "defects": [
              "CVE-2026-50722"
            ],
            "discovery": "EXTERNAL"
          },
          "taxonomyMappings": [
            {
              "taxonomyName": "ATT\u0026CK",
              "taxonomyRelations": [
                {
                  "relationshipName": "maps to",
                  "relationshipValue": "Application or System Exploitation (DoS)",
                  "taxonomyId": "T1499.004"
                }
              ],
              "taxonomyVersion": "15.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-24T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIf Windows support is not needed, configure \u003ccode\u003eauthby=ecdsa\u003c/code\u003e or \u003ccode\u003eauthby=rsa-sha2\u003c/code\u003e (or both via \u003ccode\u003eauthby=ecdsa,rsa-sha2\u003c/code\u003e) to disallow the fallback of RSA PKCS#1 1.5. The \u003ccode\u003eleftauth=\u003c/code\u003e and \u003ccode\u003erightauth=\u003c/code\u003e settings can be updated similarly if those are in use instead of \u003ccode\u003eauthby\u003c/code\u003e.\u003c/p\u003e"
                }
              ],
              "value": "If Windows support is not needed, configure authby=ecdsa or authby=rsa-sha2 (or both via authby=ecdsa,rsa-sha2) to disallow the fallback of RSA PKCS#1 1.5. The leftauth= and rightauth= settings can be updated similarly if those are in use instead of authby."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-50722",
        "datePublished": "2026-07-02T21:34:41.413Z",
        "dateReserved": "2026-06-05T16:10:05.751Z",
        "dateUpdated": "2026-07-07T17:02:06.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12413 (GCVE-0-2026-12413)

    Vulnerability from cvelistv5 – Published: 2026-07-02 21:19 – Updated: 2026-07-07 17:02
    VLAI
    Title
    IKEv2 Denial of Service via malformed fragmentation
    Summary
    An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project libreswan Affected: 4.6 , ≤ 5.3 (semver)
    Unaffected: 5.3.1 (semver)
    Create a notification for this product.
    Credits
    Hu Xinyao
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:12:21.499364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T17:02:12.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libreswan",
              "vendor": "The Libreswan Project",
              "versions": [
                {
                  "lessThanOrEqual": "5.3",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.3.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hu Xinyao"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md-\u003edigest_roof \u003c elemsof(md-\u003edigest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "description": "Vendor-assessed severity. The daemon automatically restarts after the crash, requiring continued exploitation for sustained denial of service.",
                  "value": "MEDIUM"
                },
                "type": "vendorSeverity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-193",
                  "description": "Off-by-one Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T21:19:22.177Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "Libreswan Security Advisory",
              "url": "https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt"
            },
            {
              "name": "Libreswan CVE-2026-12413 Patches",
              "url": "https://libreswan.org/security/CVE-2026-12413/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Libreswan notified of the issue via security@libreswan.org"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Advanced notice given to supported customers and distributions"
            },
            {
              "lang": "en",
              "time": "2026-06-24T00:00:00.000Z",
              "value": "Public announcement and release of libreswan 5.3.1"
            }
          ],
          "title": "IKEv2 Denial of Service via malformed fragmentation",
          "workarounds": [
            {
              "lang": "en",
              "value": "If fragmentation is not needed, fragmentation=no can be added to all IKEv2 configurations. If fragmentation is needed, no workaround is possible and the fix needs to be applied."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2026-12413",
        "datePublished": "2026-07-02T21:19:22.177Z",
        "dateReserved": "2026-06-16T15:52:12.674Z",
        "dateUpdated": "2026-07-07T17:02:12.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3652 (GCVE-0-2024-3652)

    Vulnerability from cvelistv5 – Published: 2024-04-11 01:32 – Updated: 2026-02-27 15:19
    VLAI
    Title
    IKEv1 default AH/ESP responder can cause libreswan to abort and restart
    Summary
    The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Impacted products
    Vendor Product Version
    The Libreswan Project (www.libreswan.org) libreswan Affected: 3.22 , ≤ 4.14 (semver)
    Unaffected: 5.0
    Create a notification for this product.
    Date Public
    2024-04-12 21:00
    Credits
    github user X1AOxiang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3652",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-11T17:26:47.015453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T15:19:48.988Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:19:59.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CVE-2024-3652",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2024-3652"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "libreswan",
              "vendor": "The Libreswan Project (www.libreswan.org)",
              "versions": [
                {
                  "lessThanOrEqual": "4.14",
                  "status": "affected",
                  "version": "3.22",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "5.0"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "The vulnerability can only be triggered for connections with ikev2=no that do not specify an esp= option."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "github user X1AOxiang"
            }
          ],
          "datePublic": "2024-04-12T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan\u0027s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "IKEv1 with default AH/ESP configuration can cause libreswan to abort and restart",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T17:10:23.219Z",
            "orgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
            "shortName": "libreswan"
          },
          "references": [
            {
              "name": "CVE-2024-3652",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://libreswan.org/security/CVE-2024-3652"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/04/18/2"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in 4.15 and all later versions."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-24T00:00:00.000Z",
              "value": "Issue reported publicly by github user X1AOxiang via https://github.com/libreswan/libreswan/issues/1665"
            },
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Fix published in commit 03caa63de1e3 (as issue was already public via githb issue)"
            },
            {
              "lang": "en",
              "time": "2024-04-10T00:00:00.000Z",
              "value": "Advanced notice given to support customers and distributions"
            },
            {
              "lang": "en",
              "time": "2024-04-12T00:00:00.000Z",
              "value": "CVE-2024-3652 published"
            }
          ],
          "title": "IKEv1 default AH/ESP responder can cause libreswan to abort and restart",
          "workarounds": [
            {
              "lang": "en",
              "value": "As a workaround, adding an esp= line to all IKEv1 connections works around the issue. An example covering most common default configurations would be: esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d42dc95b-23f1-4e06-9076-20753a0fb0df",
        "assignerShortName": "libreswan",
        "cveId": "CVE-2024-3652",
        "datePublished": "2024-04-11T01:32:13.433Z",
        "dateReserved": "2024-04-11T01:28:41.331Z",
        "dateUpdated": "2026-02-27T15:19:48.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38710 (GCVE-0-2023-38710)

    Vulnerability from cvelistv5 – Published: 2023-08-25 00:00 – Updated: 2024-11-26 21:53
    VLAI
    Summary
    An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38710/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38710",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-18T17:07:09.396495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T21:53:27.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload\u0027s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:28:53.862Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38710/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38710",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-11-26T21:53:27.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38712 (GCVE-0-2023-38712)

    Vulnerability from cvelistv5 – Published: 2023-08-25 00:00 – Updated: 2024-08-02 17:46
    VLAI
    Summary
    An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38712/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:31:56.483Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38712/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38712",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T17:46:56.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38711 (GCVE-0-2023-38711)

    Vulnerability from cvelistv5 – Published: 2023-08-25 00:00 – Updated: 2024-08-02 17:46
    VLAI
    Summary
    An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T19:44:03.355698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T19:44:10.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/tags"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-38711/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T20:30:07.355Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/tags"
            },
            {
              "url": "https://libreswan.org/security/CVE-2023-38711/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38711",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-07-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T17:46:56.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30570 (GCVE-0-2023-30570)

    Vulnerability from cvelistv5 – Published: 2023-05-28 00:00 – Updated: 2025-01-14 18:14
    VLAI
    Summary
    pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30570",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T18:14:34.147387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T18:14:42.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-28T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-30570",
        "datePublished": "2023-05-28T00:00:00.000Z",
        "dateReserved": "2023-04-12T00:00:00.000Z",
        "dateUpdated": "2025-01-14T18:14:42.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2295 (GCVE-0-2023-2295)

    Vulnerability from cvelistv5 – Published: 2023-05-17 00:00 – Updated: 2025-01-22 18:25
    VLAI
    Summary
    A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a libreswan Affected: Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:19:14.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189777"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-2295"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3107"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3148"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2295",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T18:25:10.231021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-22T18:25:15.561Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 - Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-17T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189777"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2023-2295"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2023:3107"
            },
            {
              "url": "https://access.redhat.com/errata/RHSA-2023:3148"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-2295",
        "datePublished": "2023-05-17T00:00:00.000Z",
        "dateReserved": "2023-04-26T00:00:00.000Z",
        "dateUpdated": "2025-01-22T18:25:15.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23009 (GCVE-0-2023-23009)

    Vulnerability from cvelistv5 – Published: 2023-02-21 00:00 – Updated: 2025-03-17 17:02
    VLAI
    Summary
    Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:39.782Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/954"
              },
              {
                "name": "DSA-5368",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5368"
              },
              {
                "name": "FEDORA-2023-a2348480cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/"
              },
              {
                "name": "FEDORA-2023-42ec148952",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23009",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T17:02:01.153244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:02:28.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-22T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/libreswan/libreswan/issues/954"
            },
            {
              "name": "DSA-5368",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5368"
            },
            {
              "name": "FEDORA-2023-a2348480cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/"
            },
            {
              "name": "FEDORA-2023-42ec148952",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23009",
        "datePublished": "2023-02-21T00:00:00.000Z",
        "dateReserved": "2023-01-11T00:00:00.000Z",
        "dateUpdated": "2025-03-17T17:02:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23094 (GCVE-0-2022-23094)

    Vulnerability from cvelistv5 – Published: 2022-01-15 01:37 – Updated: 2024-08-03 03:28
    VLAI
    Summary
    Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2022-23094"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/585"
              },
              {
                "name": "DSA-5048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5048"
              },
              {
                "name": "FEDORA-2022-a4bca77f88",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
              },
              {
                "name": "FEDORA-2022-42e0892147",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-20T16:06:23.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://libreswan.org/security/CVE-2022-23094"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/issues/585"
            },
            {
              "name": "DSA-5048",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5048"
            },
            {
              "name": "FEDORA-2022-a4bca77f88",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
            },
            {
              "name": "FEDORA-2022-42e0892147",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-23094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2022-23094",
                  "refsource": "MISC",
                  "url": "https://libreswan.org/security/CVE-2022-23094"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/issues/585",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/issues/585"
                },
                {
                  "name": "DSA-5048",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5048"
                },
                {
                  "name": "FEDORA-2022-a4bca77f88",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"
                },
                {
                  "name": "FEDORA-2022-42e0892147",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-23094",
        "datePublished": "2022-01-15T01:37:32.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:43.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1763 (GCVE-0-2020-1763)

    Vulnerability from cvelistv5 – Published: 2020-05-12 13:41 – Updated: 2024-08-04 06:46
    VLAI
    Summary
    An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    the libreswan Project libreswan Affected: from versions 3.27 till 3.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:46:30.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
              },
              {
                "name": "DSA-4684",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4684"
              },
              {
                "name": "GLSA-202007-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-21"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "the libreswan Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "from versions 3.27 till 3.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T05:48:52.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
            },
            {
              "name": "DSA-4684",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4684"
            },
            {
              "name": "GLSA-202007-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-21"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-1763",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libreswan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from versions 3.27 till 3.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "the libreswan Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
                },
                {
                  "name": "DSA-4684",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4684"
                },
                {
                  "name": "GLSA-202007-21",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-21"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-1763",
        "datePublished": "2020-05-12T13:41:20.000Z",
        "dateReserved": "2019-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:46:30.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10155 (GCVE-0-2019-10155)

    Vulnerability from cvelistv5 – Published: 2019-06-12 13:51 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:09.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-10155/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
              },
              {
                "name": "FEDORA-2019-f7fb531958",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
              },
              {
                "name": "FEDORA-2019-1bd9cfb718",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
              },
              {
                "name": "RHSA-2019:3391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3391"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libreswan",
              "vendor": "the libreswan Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.29"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T00:07:32.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://libreswan.org/security/CVE-2019-10155/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
            },
            {
              "name": "FEDORA-2019-f7fb531958",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
            },
            {
              "name": "FEDORA-2019-1bd9cfb718",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
            },
            {
              "name": "RHSA-2019:3391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3391"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-10155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "libreswan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.29"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "the libreswan Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-354"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://libreswan.org/security/CVE-2019-10155/",
                  "refsource": "MISC",
                  "url": "https://libreswan.org/security/CVE-2019-10155/"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155"
                },
                {
                  "name": "FEDORA-2019-f7fb531958",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/"
                },
                {
                  "name": "FEDORA-2019-1bd9cfb718",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/"
                },
                {
                  "name": "RHSA-2019:3391",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3391"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-10155",
        "datePublished": "2019-06-12T13:51:01.000Z",
        "dateReserved": "2019-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:09.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12312 (GCVE-0-2019-12312)

    Vulnerability from cvelistv5 – Published: 2019-05-24 13:06 – Updated: 2024-08-04 23:17
    VLAI
    Summary
    In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:17:40.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.iwantacve.cn/index.php/archives/218/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/issues/246"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-06T18:51:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.iwantacve.cn/index.php/archives/218/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/issues/246"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.iwantacve.cn/index.php/archives/218/",
                  "refsource": "MISC",
                  "url": "http://www.iwantacve.cn/index.php/archives/218/"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/issues/246",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/issues/246"
                },
                {
                  "name": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683",
                  "refsource": "MISC",
                  "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"
                },
                {
                  "name": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"
                },
                {
                  "name": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch",
                  "refsource": "CONFIRM",
                  "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12312",
        "datePublished": "2019-05-24T13:06:41.000Z",
        "dateReserved": "2019-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:17:40.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201401-0260

    Vulnerability from variot - Updated: 2023-12-18 10:43

    Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Versions prior to Libreswan 3.8 are vulnerable. Openswan is prone to a remote denial-of-service vulnerability due to a use-after-free error. An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. Note: This issue occurs only when Openswan is configured with 'nhelpers=0'. Openswan 2.3.0 to 2.6.36 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0260",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "libreswan",
            "version": "3.6"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "libreswan",
            "version": "3.4"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "libreswan",
            "version": "3.3"
          },
          {
            "model": "libreswan",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "libreswan",
            "version": "3.7"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "libreswan",
            "version": "3.0"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "libreswan",
            "version": "3.5"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "libreswan",
            "version": "3.1"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "libreswan",
            "version": "3.2"
          },
          {
            "model": "libreswan",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "libreswan",
            "version": "3.7"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "3.7"
          },
          {
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.22"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.21"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.20"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.16"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.36"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.35"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.33"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.29"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.28"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.27"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.26"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openswan",
            "version": "2.6.25"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "model": "contact fl mguard smart2 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard smart2 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard smart2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard smart2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs2005 tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs2005 tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs2000 tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs2000 tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs vpn analog",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs vpn analog",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard rs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard rs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard pcie4000 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard pcie4000 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard pci4000 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard pci4000 vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard pci4000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard pci4000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard gt/gt vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard gt/gt vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard gt/gt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard gt/gt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard delta tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard delta tx/tx vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard delta tx/tx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard delta tx/tx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "contact fl mguard centerport",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.1"
          },
          {
            "model": "contact fl mguard centerport",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.0"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.38"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.37"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.34"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.31"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.30"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.24"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.23"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.19"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.18"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.17"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.15"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.14"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.2"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.39"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.13"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.12"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.11"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.10"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.09"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.08"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.07"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.06"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.05"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.04"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.03"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.01"
          },
          {
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53003.0"
          },
          {
            "model": "contact fl mguard smart2 vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard smart2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4004 tx/dtx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx-p",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn-m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs4000 tx/tx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs2005 tx vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs2000 tx/tx vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs vpn analog",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard rs",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard pcie4000 vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard pci4000 vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard pci4000",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard gt/gt vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard gt/gt",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard delta tx/tx vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard delta tx/tx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "contact fl mguard centerport",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "8.5.2"
          },
          {
            "model": "libreswan",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "libreswan",
            "version": "3.8"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4.15"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4.14"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4.13"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4.4"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4.2"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.4"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.3.1"
          },
          {
            "model": "openswan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.3"
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.1"
          },
          {
            "model": "openswan",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openswan",
            "version": "2.6.37"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Iustina Melinte",
        "sources": [
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2013-6467",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2013-6467",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00690",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-6467",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00690",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-548",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. \nVersions prior to Libreswan 3.8 are vulnerable. Openswan is prone to a remote denial-of-service vulnerability due to a use-after-free error. \nAn attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. \nNote: This issue occurs only when Openswan is configured with \u0027nhelpers=0\u0027. \nOpenswan 2.3.0 to 2.6.36 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6467",
            "trust": 3.9
          },
          {
            "db": "BID",
            "id": "64987",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "56420",
            "trust": 1.6
          },
          {
            "db": "OSVDB",
            "id": "102172",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "65155",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "90522",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "20136467",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-250-02",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "50440",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "id": "VAR-201401-0260",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          }
        ]
      },
      "last_update_date": "2023-12-18T10:43:38.883000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2013-6467 Libreswan dereferencing missing IKEv2 payloads causes restart",
            "trust": 0.8,
            "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt"
          },
          {
            "title": "Patch for Openswan IKEv2 Load Remote Denial of Service Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/43206"
          },
          {
            "title": "libreswan-3.8",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47727"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt"
          },
          {
            "trust": 1.6,
            "url": "http://osvdb.org/102172"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/56420"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/64987"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90522"
          },
          {
            "trust": 0.9,
            "url": "http://www.openswan.org/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6467"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6467"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/90522"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100178570"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-250-02"
          },
          {
            "trust": 0.3,
            "url": "https://download.libreswan.org/changes"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100152275"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "date": "2014-01-27T00:00:00",
            "db": "BID",
            "id": "65155"
          },
          {
            "date": "2014-01-15T00:00:00",
            "db": "BID",
            "id": "64987"
          },
          {
            "date": "2011-10-31T00:00:00",
            "db": "BID",
            "id": "50440"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "date": "2014-01-26T20:55:05.377000",
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00690"
          },
          {
            "date": "2017-09-08T13:13:00",
            "db": "BID",
            "id": "65155"
          },
          {
            "date": "2015-04-13T21:58:00",
            "db": "BID",
            "id": "64987"
          },
          {
            "date": "2015-04-13T21:50:00",
            "db": "BID",
            "id": "50440"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          },
          {
            "date": "2017-08-29T01:33:58.827000",
            "db": "NVD",
            "id": "CVE-2013-6467"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-548"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          },
          {
            "db": "BID",
            "id": "50440"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Libreswan Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005933"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "65155"
          },
          {
            "db": "BID",
            "id": "64987"
          }
        ],
        "trust": 0.6
      }
    }