By the Year
In 2022 there have been 0 vulnerabilities in Libreswan . Libreswan did not have any published security vulnerabilities last year.
It may take a day or so for new Libreswan vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Libreswan Security Vulnerabilities
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan
7.5 - High
- May 12, 2020
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets
3.1 - Low
- June 12, 2019
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
Improper Input Validation
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart
7.5 - High
- May 24, 2019
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
NULL Pointer Dereference