CVE-2013-6467 — Libreswan vulnerability

9 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 24.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreswan Debian Libreswan

Timeline

PublishedJan 26

Latest updateMay 17

Description

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDlibreswan/libreswan3.7+7

▶debiandebian/libreswan

🔴Vulnerability Details

GHSA

GHSA-m87x-r8q9-jm9c: Libreswan 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

libreswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-15

▶

Debian

CVE-2013-6467: libreswan - Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (...↗2013

▶

💬Community

Bugzilla

CVE-2013-6467 libreswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart [epel-6]↗2014-01-27

▶

Bugzilla

CVE-2013-6467 libreswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart [fedora-all]↗2014-01-27

▶

Bugzilla

CVE-2013-7294 libreswan: DoS via an IKEv2 I1 notification↗2014-01-16

▶

Bugzilla

CVE-2013-6467 libreswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-08

▶

Bugzilla

CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-08

▶