Out-of-bounds Buffer Read in Libreswan Daemon Affecting Multiple Versions
CVE-2020-1763

7.5HIGH

Key Information:

Status
Vendor
CVE Published:
12 May 2020

What is CVE-2020-1763?

Libreswan contains an out-of-bounds buffer read vulnerability in its pluto daemon from versions 3.27 to 3.31. This flaw allows an unauthenticated attacker to exploit the vulnerability by sending specially-crafted IKEv1 Informational Exchange packets, potentially leading to a denial of service as the Libreswan daemon may crash and subsequently respawn. Users of the affected versions should consider applying patches or mitigations as outlined in security advisories.

Affected Version(s)

libreswan from versions 3.27 till 3.31

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.