CVE-2020-1763
Description
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
4.755
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| libreswan security update(DSA-4684-1) libreswan_3.27-6+deb10u1_i386.deb | Linux |
| libreswan security update(DSA-4684-1) libreswan_3.27-6+deb10u1_amd64.deb | Linux |
| (RHSA-2020:2070) libreswan security update libreswan-3.29-7.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:2070) libreswan security update libreswan-debugsource-3.29-7.el8_2.x86_64.rpm | Linux |
| Libreswan update (ELSA-2020-2070) libreswan-3.29-7.0.1.el8_2.x86_64.rpm | Linux |
| (CESA-2020:2070) libreswan security update libreswan-3.29-7.el8_2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234