CVE-2019-10155 — Improper Validation of Integrity Check Value in Libreswan
Severity
3.1 LOW (NVD)
EPSS
0.2%
top 55.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 12
Latest update: May 24
Description
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but the receiver did not verify the integrity check value. This issue affects versions before 3.29.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.6 | Impact: 1.4
Affected Packages: 7 packages
Also affects: Fedora 29, 30, Enterprise Linux 8.0
Patches
Vulnerability Details (2)
GHSA
GHSA-m236-w45w-74ch: The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected (2022-05-24)
OSV
CVE-2019-10155: The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected (2019-06-12)
Vendor Advisories (2)
Community (3)
Bugzilla
CVE-2019-10155 libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check [epel-6] (2019-06-11)
Bugzilla
CVE-2019-10155 libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check [fedora-all] (2019-06-11)
Bugzilla
CVE-2019-10155 libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check (2019-05-27)