Lucene search

[email protected]NVD:CVE-2013-2054

HistoryJul 09, 2013 - 5:55 p.m.

CVE-2013-2054

2013-07-0917:55:01

CWE-119

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

Affected configurations

NVD

Node

strongswanstrongswanMatch2.0.0

strongswanstrongswanMatch2.0.1

strongswanstrongswanMatch2.0.2

strongswanstrongswanMatch2.1.0

strongswanstrongswanMatch2.1.1

strongswanstrongswanMatch2.1.2

strongswanstrongswanMatch2.1.3

strongswanstrongswanMatch2.1.4

strongswanstrongswanMatch2.1.5

strongswanstrongswanMatch2.3.0

strongswanstrongswanMatch2.3.1

strongswanstrongswanMatch2.3.2

strongswanstrongswanMatch2.4

strongswanstrongswanMatch2.4.0

strongswanstrongswanMatch2.4.0a

strongswanstrongswanMatch2.4.1

strongswanstrongswanMatch2.4.2

strongswanstrongswanMatch2.4.3

strongswanstrongswanMatch2.4.4

strongswanstrongswanMatch2.5.0

strongswanstrongswanMatch2.5.1

strongswanstrongswanMatch2.5.2

strongswanstrongswanMatch2.5.3

strongswanstrongswanMatch2.5.4

strongswanstrongswanMatch2.5.5

strongswanstrongswanMatch2.5.6

strongswanstrongswanMatch2.5.7

strongswanstrongswanMatch2.6

strongswanstrongswanMatch2.6.0

strongswanstrongswanMatch2.6.1

strongswanstrongswanMatch2.6.2

strongswanstrongswanMatch2.6.3

strongswanstrongswanMatch2.6.4

strongswanstrongswanMatch2.6.14

strongswanstrongswanMatch2.6.16

strongswanstrongswanMatch2.6.20

strongswanstrongswanMatch2.6.21

strongswanstrongswanMatch2.7.0

strongswanstrongswanMatch2.7.1

strongswanstrongswanMatch2.7.2

strongswanstrongswanMatch2.7.3

strongswanstrongswanMatch2.8.0

strongswanstrongswanMatch2.8.1

strongswanstrongswanMatch2.8.2

strongswanstrongswanMatch2.8.3

strongswanstrongswanMatch2.8.4

strongswanstrongswanMatch2.8.5

strongswanstrongswanMatch2.8.6

strongswanstrongswanMatch2.8.7

strongswanstrongswanMatch2.8.8

strongswanstrongswanMatch2.8.9

strongswanstrongswanMatch2.8.10

strongswanstrongswanMatch2.8.11

strongswanstrongswanMatch4.0.0

strongswanstrongswanMatch4.0.1

strongswanstrongswanMatch4.0.2

strongswanstrongswanMatch4.0.3

strongswanstrongswanMatch4.0.4

strongswanstrongswanMatch4.0.5

strongswanstrongswanMatch4.0.6

strongswanstrongswanMatch4.0.7

strongswanstrongswanMatch4.1

strongswanstrongswanMatch4.1.0

strongswanstrongswanMatch4.1.1

strongswanstrongswanMatch4.1.2

strongswanstrongswanMatch4.1.3

strongswanstrongswanMatch4.1.4

strongswanstrongswanMatch4.1.5

strongswanstrongswanMatch4.1.6

strongswanstrongswanMatch4.1.7

strongswanstrongswanMatch4.1.8

strongswanstrongswanMatch4.1.9

strongswanstrongswanMatch4.1.10

strongswanstrongswanMatch4.1.11

strongswanstrongswanMatch4.2.0

strongswanstrongswanMatch4.2.1

strongswanstrongswanMatch4.2.2

strongswanstrongswanMatch4.2.3

strongswanstrongswanMatch4.2.4

strongswanstrongswanMatch4.2.5

strongswanstrongswanMatch4.2.6

strongswanstrongswanMatch4.2.7

strongswanstrongswanMatch4.2.8

strongswanstrongswanMatch4.2.9

strongswanstrongswanMatch4.2.10

strongswanstrongswanMatch4.2.11

strongswanstrongswanMatch4.2.12

strongswanstrongswanMatch4.2.13

strongswanstrongswanMatch4.2.14

strongswanstrongswanMatch4.2.15

strongswanstrongswanMatch4.2.16

strongswanstrongswanMatch4.3.0

strongswanstrongswanMatch4.3.1

strongswanstrongswanMatch4.3.2

strongswanstrongswanMatch4.3.3

strongswanstrongswanMatch4.3.4

References

download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt

www.securityfocus.com/bid/59837

lists.libreswan.org/pipermail/swan-announce/2013/000003.html

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Related for NVD:CVE-2013-2054

cve3 ubuntucve2 debiancve2 prion3 cvelist3 nvd2 openvas13 oraclelinux1 nessus10 centos1 veracode1 gentoo2 suse1 amazon1 redhat1 securityvulns2 debian1 osv1