CVE-2013-6466 — Openswan vulnerability

8 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xelerance Openswan

Timeline

PublishedJan 26

Latest updateMay 14

Description

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDxelerance/openswan2.6.39+73

🔴Vulnerability Details

GHSA

GHSA-gc3w-rhj3-96v9: Openswan 2↗2022-05-14

▶

📋Vendor Advisories

CISA ICS

PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware↗2017-09-07

▶

Red Hat

openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-15

▶

💬Community

Bugzilla

CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart [fedora-all]↗2014-01-27

▶

Bugzilla

CVE-2013-7294 libreswan: DoS via an IKEv2 I1 notification↗2014-01-16

▶

Bugzilla

CVE-2013-6467 libreswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-08

▶

Bugzilla

CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-08

▶