33 matches found
EUVD-2013-5388
Malware in sbrugna...
EUVD-2024-32230
Malicious code in bioql PyPI...
CLSA-2025-1752749664 libreswan: Fix of CVE-2024-3652
CVE-2024-3652: fix assertion failure and crash caused by requesting AES-GMAC without specifying esp= line...
TencentOS Server 3: libreswan (TSSA-2024:0322)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0322 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2013-5548
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795...
Amazon Linux 2 : libreswan (ALAS-2024-2596)
The version of libreswan installed on the remote host is prior to 3.25-4.8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2596 advisory. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. Wh...
Medium: libreswan
Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
libreswan: IKEv1 default AH/ESP responder can crash and restart
A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the computeprotokeymat function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an...
Amazon Linux 2023 : libreswan (ALAS2023-2024-621)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-621 advisory. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes...
Medium: libreswan
Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...
Medium: libreswan
Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not...
Libreswan 3.22 < 4.15 / 5.0rc1 < 5.0 DoS
The version of Libreswan installed on the remote host is between 3.22 and 4.14, or a 5.0 release candidate prior to 5.0 . It is, therefore, affected by a denial of service DoS vulnerability. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without...
Updated libreswan packages fix security vulnerability
CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affect...
MGASA-2024-0138 Updated libreswan packages fix security vulnerability
CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affect...
AZL-39927 CVE-2024-3652 affecting package libreswan for versions less than 4.14-2
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected...
DEBIAN-CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected...
CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected...