CVE-2020-1763 : An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan fro

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

Published 2020-05-12 14:15:13

Updated 2021-05-05 13:41:57

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-1763

Libreswan » Libreswan
Versions from including (>=) 3.27 and up to, including, (<=) 3.31
cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*
Matching versions
Libreswan » Libreswan » Version: 3.5
cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-1763

EPSS FAQ

4.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1763

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Red Hat, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-1763

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)

References for CVE-2020-1763

https://www.debian.org/security/2020/dsa-4684

Debian -- Security Information -- DSA-4684-1 libreswan
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1813329

Bug Access Denied
Issue Tracking;Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Siemens RUGGEDCOM ROX II | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8

security: Fix for CVE-2020-1763 · libreswan/libreswan@471a3e4 · GitHub
Patch;Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202007-21

Libreswan: Denial of service (GLSA 202007-21) — Gentoo security
Third Party Advisory
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt

Patch;Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763

1814541 – (CVE-2020-1763) CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message
Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-1763

Products affected by CVE-2020-1763

Exploit prediction scoring system (EPSS) score for CVE-2020-1763

CVSS scores for CVE-2020-1763

CWE ids for CVE-2020-1763

References for CVE-2020-1763