Vulnerability Details : CVE-2013-7294
Potential exploit
The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
Vulnerability category: Denial of service
Products affected by CVE-2013-7294
- cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7294
0.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7294
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-7294
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7294
-
https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0
SECURITY: Properly handle IKEv2 I1 notification packet without KE pay… · libreswan/libreswan@2899351 · GitHubExploit;Patch
-
http://www.osvdb.org/101573
404 Not Found
-
http://secunia.com/advisories/56915
Sign in
-
https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
[Swan-announce] Libreswan 3.7 releasedVendor Advisory
-
http://secunia.com/advisories/56276
Sign inVendor Advisory
Jump to