Lucene search
+L

13 matches found

nessus
nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The functi...

7.5CVSS6.5AI score0.00597EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.15 views

PT-2026-55314

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description An invalidly formatted IKEv2 fragment can cause the pluto daemon to crash and restart, leading to a denial of service. The issue occurs within the reassemble v2 incoming fragments function,...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References9
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42486

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00691EPSS
Exploits0References2
redhat
redhat
added 2025/01/02 6:44 p.m.6 views

libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...

7.5CVSS6.4AI score0.01175EPSS
Exploits0References6
osv
osv
added 2023/08/25 9:15 p.m.6 views

AZL-34937 CVE-2023-38712 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
osv
osv
added 2023/08/25 9:15 p.m.6 views

AZL-34935 CVE-2023-38710 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
osv
osv
added 2023/08/25 9:15 p.m.2 views

DEBIAN-CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.3AI score0.00691EPSS
Exploits0References1
prion
prion
added 2023/08/25 9:15 p.m.20 views

Null pointer dereference

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...

4CVSS7.2AI score0.00691EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/08/25 12:0 a.m.3 views

Libreswan 代码问题漏洞

Libreswan is an IPsec implementation similar to Openswan, which is primarily used to ensure security and integrity issues in data transmission. A security vulnerability exists in Libreswan version 3.x, version 4.x up to and including version 4.12, which originates when an IKEv1 ISAKMP SA message...

6.5CVSS6.3AI score0.00691EPSS
Exploits0References3
osv
osv
added 2023/05/17 11:15 p.m.3 views

UBUNTU-CVE-2023-2295

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...

7.5CVSS7.4AI score0.01581EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/05/17 12:0 a.m.6 views

CVE-2023-2295

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...

8AI score0.01581EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-2052

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto IKE daemon crash and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be t...

5.1CVSS7.8AI score0.0175EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/01/12 12:0 a.m.2 views

Libreswan 代码问题漏洞

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. libreswan has a code issue vulnerability that can be exploited by an attacker to send specially crafted IKEv1 packets to an application, triggering a logging...

7.5CVSS5.7AI score0.02699EPSS
Exploits1References19
Rows per page
Query Builder