CVE-2013-2052Improper Restriction of Operations within the Bounds of a Memory Buffer in Libreswan

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
6.8MEDIUMNVD
NVD5.1
EPSS
0.8%
top 25.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Xelerance OpenswanLibreswanDebian Libreswan
Timeline
PublishedJul 9
Latest updateMay 17

Description

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

NVDlibreswan/libreswan3.0, 3.1+1
NVDxelerance/openswan2.6.38+37

Patches

Patch: libreswan.orgPatch: libreswan.org

🔴Vulnerability Details

2
GHSA
GHSA-ghm6-8w78-2p3j: Buffer overflow in the atodn function in libreswan 32022-05-17
GHSA
GHSA-xqwx-33f7-54m6: Buffer overflow in the atodn function in Openswan before 22022-05-14

📋Vendor Advisories

2
Red Hat
Openswan: remote buffer overflow in atodn()2013-05-13
Debian
CVE-2013-2052: libreswan - Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunist...2013