CVE-2020-1763 — Out-of-bounds Read in Libreswan

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

7.5HIGHNVD

EPSS

4.8%

top 10.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreswan Debian Libreswan THE Libreswan Project Libreswan

Timeline

PublishedMay 12

Latest updateMay 24

Description

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/libreswan< libreswan 3.32-1 (bookworm)

▶Debianlibreswan/libreswan< 3.32-1+3

▶NVDlibreswan/libreswan3.27 — 3.31+1

▶CVEListV5the_libreswan_project/libreswanfrom versions 3.27 till 3.31

Patches

Patch: github.com ↗Patch: libreswan.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-wx69-vm3h-3cgv: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3↗2022-05-24

▶

OSV

CVE-2020-1763: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3↗2020-05-12

▶

📋Vendor Advisories

CISA ICS

Siemens RUGGEDCOM ROX II↗2021-02-09

▶

Red Hat

libreswan: DoS attack via malicious IKEv1 informational exchange message↗2020-05-11

▶

Debian

CVE-2020-1763: libreswan - An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan fro...↗2020

▶

💬Community

Bugzilla

CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message [epel-6]↗2020-05-12

▶

Bugzilla

CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message [fedora-all]↗2020-05-12

▶

Bugzilla

CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message↗2020-03-18

▶