Vulnerabilities > Libreswan > Libreswan > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-38710 Unspecified vulnerability in Libreswan
An issue was discovered in Libreswan before 4.12.
network
low complexity
libreswan
6.5
2023-08-25 CVE-2023-38711 NULL Pointer Dereference vulnerability in Libreswan
An issue was discovered in Libreswan before 4.12.
network
low complexity
libreswan CWE-476
6.5
2023-08-25 CVE-2023-38712 NULL Pointer Dereference vulnerability in Libreswan
An issue was discovered in Libreswan 3.x and 4.x before 4.12.
network
low complexity
libreswan CWE-476
6.5
2023-02-21 CVE-2023-23009 Resource Exhaustion vulnerability in multiple products
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
network
low complexity
libreswan debian CWE-400
6.5
2019-05-24 CVE-2019-12312 Reachable Assertion vulnerability in Libreswan
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart.
network
low complexity
libreswan CWE-617
5.0
2016-06-16 CVE-2016-5361 Improper Input Validation vulnerability in Libreswan
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet.
network
low complexity
libreswan CWE-20
5.0
2016-04-18 CVE-2016-3071 Improper Input Validation vulnerability in multiple products
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
network
low complexity
libreswan fedoraproject CWE-20
5.0
2014-01-26 CVE-2013-6467 Remote Denial of Service vulnerability in Libreswan 'IKEv2' Payloads
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
network
low complexity
libreswan
5.0
2014-01-16 CVE-2013-7294 Improper Input Validation vulnerability in Libreswan
The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
network
low complexity
libreswan CWE-20
5.0
2014-01-07 CVE-2013-4564 Numeric Errors vulnerability in Libreswan 3.6
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
network
low complexity
libreswan CWE-189
5.0