CVE-2013-4564 — Libreswan vulnerability

CWE-1895 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreswan Debian Libreswan

Timeline

PublishedJan 7

Latest updateMay 17

Description

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/libreswan

▶NVDlibreswan/libreswan3.6

Patches

Patch: lists.libreswan.org ↗Patch: lists.libreswan.org ↗

🔴Vulnerability Details

GHSA

GHSA-jg47-pq6h-vjmw: Libreswan 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

libreswan: DoS due to how mangled IKE packets are handled↗2013-11-18

▶

Debian

CVE-2013-4564: libreswan - Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a...↗2013

▶

💬Community

Bugzilla

CVE-2013-4564 libreswan: DoS due to how mangled IKE packets are handled↗2013-11-18

▶