CVE-2020-1763
Summary
| CVE | CVE-2020-1763 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-12 14:15:00 UTC |
| Updated | 2023-11-07 03:19:00 UTC |
| Description | An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 to 3.31, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Siemens RUGGEDCOM ROX II \| CISA | MISC | us-cert.cisa.gov | |
| 1814541 – (CVE-2020-1763) CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Debian -- Security Information -- DSA-4684-1 libreswan | DEBIAN | www.debian.org | Third Party Advisory |
| libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt | CONFIRM | libreswan.org | Patch, Vendor Advisory |
| security: Fix for CVE-2020-1763 · libreswan/libreswan@471a3e4 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | CONFIRM | cert-portal.siemens.com | |
| Libreswan: Denial of service (GLSA 202007-21) — Gentoo security | GENTOO | security.gentoo.org | |
| Bug Access Denied | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 501057 Alpine Linux Security Update for libreswan