The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
Max CVSS: 5.0
EPSS Score: 1.38%
Published: 2014-01-16
Updated: 2018-01-03
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
Max CVSS: 5.0
EPSS Score: 1.46%
Published: 2014-01-26
Updated: 2017-08-29
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
Max CVSS: 5.0
EPSS Score: 2.97%
Published: 2014-01-07
Updated: 2014-02-25
3 vulnerabilities found