Vulnerabilities > Libreswan

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2023-08-25 | CVE-2023-38710 | Unspecified vulnerability in Libreswan | An issue was discovered in Libreswan before 4.12. | network | low complexity | libreswan | 6.5 |
| 2023-08-25 | CVE-2023-38711 | NULL Pointer Dereference vulnerability in Libreswan | An issue was discovered in Libreswan before 4.12. | network | low complexity | libreswan, CWE-476 | 6.5 |
| 2023-08-25 | CVE-2023-38712 | NULL Pointer Dereference vulnerability in Libreswan | An issue was discovered in Libreswan 3.x and 4.x before 4.12. | network | low complexity | libreswan, CWE-476 | 6.5 |
| 2023-05-29 | CVE-2023-30570 | Resource Exhaustion vulnerability in Libreswan | pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. | network | low complexity | libreswan, CWE-400 | 7.5 |
| 2023-05-17 | CVE-2023-2295 | A vulnerability was found in the libreswan library. | | network | low complexity | libreswan, redhat | 7.5 |
| 2023-02-21 | CVE-2023-23009 | Resource Exhaustion vulnerability in multiple products | Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | network | low complexity | libreswan, debian, CWE-400 | 6.5 |
| 2022-01-15 | CVE-2022-23094 | NULL Pointer Dereference vulnerability in multiple products | Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. | network | low complexity | libreswan, fedoraproject, debian, CWE-476 | 7.5 |
| 2020-05-12 | CVE-2020-1763 | Out-of-bounds Read vulnerability in Libreswan | An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. | network | low complexity | libreswan, CWE-125 | 7.5 |
| 2019-06-12 | CVE-2019-10155 | Improper Validation of Integrity Check Value vulnerability in multiple products | The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. | | | | 3.1 |
| 2019-05-24 | CVE-2019-12312 | Reachable Assertion vulnerability in Libreswan | In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. | network | low complexity | libreswan, CWE-617 | 5.0 |