Known Vulnerabilities for products from Libreswan
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Libreswan".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23094 | Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) vi... | 7.5 - HIGH | 2022-01-15 | 2023-11-07 |
| CVE-2020-1763 | An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthent... | 7.5 - HIGH | 2020-05-12 | 2023-11-07 |
| CVE-2019-12312 | In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer derefer... | 7.5 - HIGH | 2019-05-24 | 2020-08-24 |
| CVE-2019-10155 | The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted... | 3.1 - LOW | 2019-06-12 | 2023-11-07 |
| CVE-2016-5391 | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart... | 7.5 - HIGH | 2017-06-13 | 2023-02-12 |
| CVE-2016-5361 | programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cau... | 7.5 - HIGH | 2016-06-16 | 2017-01-18 |
| CVE-2016-3071 | Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | 7.5 - HIGH | 2016-04-18 | 2017-02-07 |
| CVE-2015-3240 | The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cau... | 4.3 - MEDIUM | 2015-11-09 | 2023-02-13 |
| CVE-2015-3204 | libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1)... | 5 - MEDIUM | 2015-07-01 | 2023-02-13 |
| CVE-2013-7294 | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial ... | 5 - MEDIUM | 2014-01-16 | 2018-01-03 |
| CVE-2013-7283 | Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspe... | 9.3 - HIGH | 2014-01-09 | 2014-01-10 |
| CVE-2013-6467 | Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon resta... | 5 - MEDIUM | 2014-01-26 | 2017-08-29 |
| CVE-2013-4564 | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2)... | 5 - MEDIUM | 2014-01-07 | 2014-02-25 |
| CVE-2013-2052 | Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is be... | 5.1 - MEDIUM | 2013-07-09 | 2013-10-11 |
Known software with vulnerabilities from Libreswan
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libreswan | Libreswan | 3.0 |