Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/14 12:0 a.m.33 views

RHEL 8 : libreswan (RHSA-2023:7052)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7052 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/10/31 2:34 a.m.1 views

SUSE CVE-2019-10155

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects...

3.1CVSS9AI score0.00512EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/10/31 2:31 a.m.2 views

SUSE CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS7AI score0.03288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.23 views

Oracle Linux 8 : libreswan (ELSA-2019-3391)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-3391 advisory. 3.29-6.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 3.29-6 - Resolves: rhbz1714331 support NSS based IKE KDFs require updated nss for rhbz...

3.5CVSS5.8AI score0.00512EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/25 9:15 p.m.3 views

CVE-2023-38712

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/08/25 12:0 a.m.38 views

CVE-2023-38712

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state...

6.5CVSS6.5AI score0.00691EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-12312

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...

4.3CVSS9.2AI score0.02748EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/05/26 12:0 a.m.29 views

EulerOS 2.0 SP3 : libreswan (EulerOS-SA-2022-1738)

According to the versions of the libreswan package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity...

3.5CVSS5.6AI score0.00512EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/05/25 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for libreswan (EulerOS-SA-2022-1738)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.5CVSS4.4AI score0.00512EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/06/09 6:20 a.m.27 views

CVE-2020-11291

Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...

9.8CVSS9.7AI score0.00937EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/02 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for libreswan (EulerOS-SA-2020-2312)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.5CVSS5.1AI score0.00512EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.21 views

NewStart CGSL MAIN 6.01 : libreswan Vulnerability (NS-SA-2020-0035)

The remote NewStart CGSL host, running version MAIN 6.01, has libreswan packages installed that are affected by a vulnerability: - An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to...

7.5CVSS6.8AI score0.03288EPSS
Exploits0References2
Mageia
Mageia
added 2020/05/15 3:48 p.m.32 views

Updated libreswan packages fix security vulnerability

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...

7.5CVSS2.8AI score0.03288EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/05/14 12:0 a.m.37 views

Oracle Linux 8 : libreswan (ELSA-2020-2070)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-2070 advisory. 3.29-7.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 3.29-7 - Resolves: rhbz1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational...

7.5CVSS6.7AI score0.03288EPSS
Exploits0References2
OSV
OSV
added 2020/05/12 2:15 p.m.17 views

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS7.5AI score0.03288EPSS
Exploits0References8
Cvelist
Cvelist
added 2020/05/12 1:41 p.m.17 views

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS7.4AI score0.03288EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2020/05/12 1:41 p.m.19 views

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.6AI score0.03288EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/05/12 8:42 a.m.3 views

libreswan: DoS attack via malicious IKEv1 informational exchange message

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.3AI score0.03288EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/12 7:34 a.m.2 views

libreswan: DoS attack via malicious IKEv1 informational exchange message

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.3AI score0.03288EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2020/05/12 12:0 a.m.33 views

libreswan security update

3.29-7.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 3.29-7 - Resolves: rhbz1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational exchange message rhel-8.2.0.z...

7.5CVSS2.8AI score0.03288EPSS
Exploits0
Rows per page
Query Builder