The Libreswan Project Libreswan vulnerabilities
4 known vulnerabilities affecting the_libreswan_project/libreswan.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2024-3652 | MEDIUM | CVSS 6.5 | CWE-404 | ≥ 3.22, ≤ 4.14 | 2024-04-11
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
nvd
CVE-2024-2357 | MEDIUM | CVSS 6.5 | ≥ 4.2, ≤ 4.12 | 2024-03-11
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leadi
nvd
CVE-2020-1763 | HIGH | CVSS 7.5 | CWE-125 | from versions 3.27 till 3.31 | 2020-05-12
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
nvd
CVE-2019-10155 | LOW | CVSS 3.1 | CWE-354 | v3.29 | 2019-06-12
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
nvd