Libreswan Libreswan

Do you want an email whenever new security vulnerabilities are reported in Libreswan?

By the Year

In 2022 there have been 0 vulnerabilities in Libreswan . Libreswan did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 1 7.50
2019 2 5.30
2018 0 0.00

It may take a day or so for new Libreswan vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libreswan Security Vulnerabilities

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan

CVE-2020-1763 7.5 - High - May 12, 2020

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

Out-of-bounds Read

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets

CVE-2019-10155 3.1 - Low - June 12, 2019

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

Improper Input Validation

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart

CVE-2019-12312 7.5 - High - May 24, 2019

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.

NULL Pointer Dereference

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Libreswan or by Libreswan? Click the Watch button to subscribe.

Libreswan
Vendor

Libreswan
Product

subscribe