7 matches found
MiracleLinux 9 : libreswan-4.6-3.el9.1 (AXSA:2023-5325:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5325:02 advisory. libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan CVE-2023-30570 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2019-10155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the...
Fedora: Security Advisory (FEDORA-2024-342c3cc98f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 9 : libreswan-4.9-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.9-4.el9 build changelog. - remote DoS via crafted TS payload with an incorrect selector length rhbz2173674 CVE-2023-23009 - pluto in Libreswan before 4.11 allows a...
CVE-2023-38710
An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...
Debian DSA-5368-1 : libreswan - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5368 advisory. It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via malformed IKEv2 packets after peer authentication, resulting in denial o...
CVE-2023-23009
A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service...