Vulnerabilities > Xelerance > Openswan > 2.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-26 | CVE-2018-15836 | Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. | 5.0 |
2014-01-26 | CVE-2013-6466 | Remote Denial Of Service vulnerability in Openswan IKEv2 payloads Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | 5.0 |
2011-11-17 | CVE-2011-4073 | Resource Management Errors vulnerability in Xelerance Openswan Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. | 4.0 |
2005-01-26 | CVE-2005-0162 | Remote Buffer Overflow vulnerability in Xelerance Corporation Openswan XAUTH/PAM Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | 7.2 |