Lucene search
K

122 matches found

RedHat Linux
RedHat Linux
added 2022/01/24 2:7 p.m.4 views

libreswan: Malicious IKEv1 packet can cause libreswan to restart

A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon...

7.5CVSS5.7AI score0.02699EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2022/01/13 7:42 a.m.39 views

CVE-2022-23094

A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon. Mitigation If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding...

7.5CVSS1.6AI score0.02699EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/13 12:0 a.m.20 views

Libreswan Code Issue Vulnerability (CNVD-2022-15522)

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. libreswan has a code issue vulnerability that can be exploited by an attacker to send specially crafted IKEv1 packets to an application, triggering a logging...

7.5CVSS3.4AI score0.02699EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.2 views

Libreswan 代码问题漏洞

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. libreswan has a code issue vulnerability that can be exploited by an attacker to send specially crafted IKEv1 packets to an application, triggering a logging...

7.5CVSS5.7AI score0.02699EPSS
Exploits1References19
BDU FSTEC
BDU FSTEC
added 2020/08/14 12:0 a.m.4 views

The vulnerability of the Pluto demon in the VPN protocol using “IPsec” with libreswan, which involves reading data beyond the allowed buffer limits, allows a hacker to cause a service failure.

The vulnerability of the Pluto demon’s VPN protocol using “IPsec” in libreswan involves reading data beyond the allowed buffer limits. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

7.8CVSS7AI score0.03288EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.21 views

NewStart CGSL MAIN 6.01 : libreswan Vulnerability (NS-SA-2020-0035)

The remote NewStart CGSL host, running version MAIN 6.01, has libreswan packages installed that are affected by a vulnerability: - An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to...

7.5CVSS6.8AI score0.03288EPSS
Exploits0References2
OSV
OSV
added 2020/05/15 3:48 p.m.2 views

MGASA-2020-0215 Updated libreswan packages fix security vulnerability

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...

7.5CVSS7.5AI score0.03288EPSS
Exploits0References4
Mageia
Mageia
added 2020/05/15 3:48 p.m.29 views

Updated libreswan packages fix security vulnerability

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...

7.5CVSS2.8AI score0.03288EPSS
Exploits0References3
CNVD
CNVD
added 2020/05/13 12:0 a.m.1 views

Libreswan Buffer Overflow Vulnerability

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. A buffer overflow vulnerability exists in the pluto daemon in libreswan versions 3.27 through 3.31. An attacker can exploit this vulnerability by sending...

7.5CVSS7.4AI score0.03288EPSS
Exploits0References1
Prion
Prion
added 2020/05/12 2:15 p.m.26 views

Cross site scripting

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

5CVSS7.4AI score0.03288EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2020/05/12 2:15 p.m.27 views

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.9AI score0.03288EPSS
Exploits0References5
OSV
OSV
added 2020/05/12 2:15 p.m.1 views

UBUNTU-CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.3AI score0.03288EPSS
Exploits0References6
CVE
CVE
added 2020/05/12 1:41 p.m.123 views

CVE-2020-1763

Libreswan pluto daemon contained an out-of-bounds buffer read in versions 3.27–3.31. An unauthenticated attacker could crash libreswan by sending specially crafted IKEv1 Informational Exchange packets; the daemon respawns after the crash. Documented advisories from Debian, Mageia, Gentoo, and oth...

7.5CVSS7.3AI score0.03288EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2020/05/12 10:36 a.m.27 views

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Mitigation Red Hat has investigated whether a...

5CVSS1.7AI score0.03288EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/12 7:48 a.m.3 views

libreswan: DoS attack via malicious IKEv1 informational exchange message

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

7.5CVSS6.3AI score0.03288EPSS
Exploits0References5
Veracode
Veracode
added 2020/04/10 12:34 a.m.24 views

Denial Of Service (DoS)

openswan is vulnerable to denial of service DoS. The vulnerability exists through the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon...

5CVSS3.9AI score0.02372EPSS
Exploits0References26Affected Software1
Veracode
Veracode
added 2020/04/10 12:31 a.m.17 views

Denial Of Service (DoS)

openswan is vulnerable to denial of service DoS. The vulnerability exists as a flaw in the Dead Peer Detection DPD in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon...

5CVSS3.4AI score0.03205EPSS
Exploits2References19Affected Software1
OSV
OSV
added 2019/05/24 2:29 p.m.1 views

DEBIAN-CVE-2019-12312

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKESAINIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKEAUTH exchange. This affects...

7.5CVSS9AI score0.02748EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/16 12:0 a.m.3 views

Libreswan Denial of Service Vulnerability (CNVD-2017-13245)

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. A security vulnerability exists in Libreswan versions prior to 3.18. A remote attacker can exploit this vulnerability to cause a denial of service null pointer...

7.5CVSS6.9AI score0.03013EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/06/13 5:29 p.m.21 views

CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service NULL pointer dereference and pluto daemon restart...

7.5CVSS7.2AI score0.03013EPSS
Exploits0References2
Rows per page
Query Builder