CVE-2015-3204 — Improper Input Validation in Libreswan

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreswan Debian Libreswan

Timeline

PublishedJul 1

Latest updateMay 17

Description

libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/libreswan

▶NVDlibreswan/libreswan4 versions+3

🔴Vulnerability Details

GHSA

GHSA-52gh-6xp3-9wpf: libreswan 3↗2022-05-17

▶

CVEList

CVE-2015-3204: libreswan 3↗2015-07-01

▶

📋Vendor Advisories

Red Hat

libreswan: crafted IKE packet causes daemon restart↗2015-06-01

▶

Debian

CVE-2015-3204: libreswan - libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service ...↗2015

▶

💬Community

Bugzilla

CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart↗2015-05-20

▶