The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
Max CVSS
5.0
EPSS Score
1.38%
Published
2014-01-16
Updated
2018-01-03
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.
Max CVSS
9.3
EPSS Score
0.16%
Published
2014-01-09
Updated
2014-01-10
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
Max CVSS
5.0
EPSS Score
1.46%
Published
2014-01-26
Updated
2017-08-29
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
Max CVSS
5.0
EPSS Score
2.97%
Published
2014-01-07
Updated
2014-02-25
4 vulnerabilities found