CVE Tools

libreswan

Security Productsoss-project

9

Cumulative CVEs

6

Monthly snapshots

#35

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting libreswan.

CVE-2024-3652IKEv1 default AH/ESP responder can cause libreswan to abort and restart6.5Apr 11, 2024
CVE-2023-38710An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify pa...6.5Aug 25, 2023
CVE-2023-38711An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference ...6.5Aug 25, 2023
CVE-2023-38712An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISA...6.5Aug 25, 2023
CVE-2023-30570pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.7.5May 28, 2023
CVE-2023-2295A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is ...7.5May 17, 2023
CVE-2023-23009Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.6.5Feb 21, 2023
CVE-2022-23094Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a st...7.5Jan 15, 2022
CVE-2020-1763An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specia...7.5May 12, 2020
CVE-2019-10155The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and int...3.1Jun 12, 2019
CVE-2019-12312In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus IN...7.5May 24, 2019
CVE-2016-5391libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).7.5Jun 13, 2017
CVE-2016-5361programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet....7.5Jun 16, 2016
CVE-2016-3071Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.7.5Apr 18, 2016
CVE-2015-3240The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero...4.3Nov 9, 2015