CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2025/01/02 8:2 p.m.•4 views

libreswan: Missing PreSharedKey for connection can cause crash

A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret, and the connection cannot find a matching configured secret. When automatically added on startup using the auto= keyword,...

6.5CVSS5.7AI score0.00566EPSS

Exploits0References6

Tenable Nessus•added 2024/04/30 12:0 a.m.•21 views

RHEL 8 : libreswan (RHSA-2024:2081)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2081 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

6.5CVSS6.2AI score0.00566EPSS

Tenable Nessus•added 2024/04/30 12:0 a.m.•24 views

RHEL 8 : libreswan (RHSA-2024:2082)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2082 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

6.5CVSS6.2AI score0.00566EPSS

Tenable Nessus•added 2024/04/29 12:0 a.m.•17 views

AlmaLinux 9 : libreswan (ALSA-2024:2033)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:2033 advisory. - The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use...

6.5CVSS6AI score0.00566EPSS

Tenable Nessus•added 2024/04/24 12:0 a.m.•17 views

Oracle Linux 8 : libreswan (ELSA-2024-1998)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1998 advisory. 4.12-2.0.1.2 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.12-2.2 - Fix patch application in the previous change 4.12-2.1 - Fix CVE-2024-2357...

6.5CVSS6.1AI score0.00566EPSS

Tenable Nessus•added 2024/04/24 12:0 a.m.•31 views

Oracle Linux 9 : libreswan (ELSA-2024-2033)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2033 advisory. - Fix CVE-2024-2357 RHEL-29734 - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Just bumping up the version to include bugs for...

7.5CVSS6.4AI score0.04422EPSS

Exploits1References2

Redos•added 2024/04/23 12:0 a.m.•8 views

ROS-20240423-12

A vulnerability in the libreswan software is related to the fact that in some IKEv2 scenarios retransmit a connection configured to use PreSharedKeys authby=secret and this connection fails to can't find the corresponding customized secret. Exploiting the vulnerability could allow an attacker,...

6.5CVSS6.7AI score0.00566EPSS

Exploits0

Redos•added 2024/04/23 12:0 a.m.•16 views

ROS-20240423-04

6.5CVSS6.7AI score0.00566EPSS

Exploits0

Amazon•added 2024/04/17 12:0 a.m.•3 views

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically...

6.5CVSS7.2AI score0.00566EPSS

Exploits0

OpenVAS•added 2024/04/09 12:0 a.m.•12 views

Mageia: Security Advisory (MGASA-2024-0113)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.00566EPSS

OSV•added 2024/04/06 10:16 p.m.•4 views

MGASA-2024-0113 Updated libreswan packages fix security vulnerabilities

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS6.5AI score0.00566EPSS

Exploits0References3

Mageia•added 2024/04/06 10:16 p.m.•35 views

Updated libreswan packages fix security vulnerabilities

6.5CVSS6.8AI score0.00566EPSS

Tenable Nessus•added 2024/03/20 12:0 a.m.•17 views

Fedora 38 : libreswan (2024-1439ec2069)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1439ec2069 advisory. Update to 4.14 for CVE-2024-2357, v6 SAN name and TFC padding fix for AEAD Tenable has extracted the preceding description block directly from the Fedora...

6.5CVSS6.1AI score0.00566EPSS

RedhatCVE•added 2024/03/14 4:45 p.m.•17 views

CVE-2024-2357

5CVSS5.7AI score0.00566EPSS

OSV•added 2024/03/11 8:15 p.m.•13 views

CVE-2024-2357

6.5CVSS6.5AI score0.00566EPSS

UbuntuCve•added 2024/03/11 8:15 p.m.•21 views

CVE-2024-2357

6.5CVSS6.5AI score0.00566EPSS

Cvelist•added 2024/03/11 7:39 p.m.•19 views

CVE-2024-2357 IKEv2 misconfiguration can cause libreswan to abort and restart

6.4AI score0.00566EPSS

CVE•added 2024/03/11 7:39 p.m.•119 views

CVE-2024-2357

CVE-2024-2357 (Libreswan) : Affects Libreswan with PreSharedKeys (authby=secret). If a connection cannot find a matching secret and is auto-added at startup (auto=), it can crash repeatedly, causing Denial of Service. Connected sources indicate a patched Libreswan release is available; remediatio...

6.5CVSS5.8AI score0.00566EPSS

Vulnrichment•added 2024/03/11 7:39 p.m.•18 views

CVE-2024-2357 IKEv2 misconfiguration can cause libreswan to abort and restart

6.6AI score0.00566EPSS