
libreswan

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-3652
>= 3.22 and < 4.15
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When
6.5 MEDIUM
CVE-2023-38712
>= 3.0 and < 4.0
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Del
6.5 MEDIUM
CVE-2023-38711
>= 4.6 and < 4.12
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR
6.5 MEDIUM
CVE-2023-38710
>= 3.20 and < 4.12
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number
6.5 MEDIUM
CVE-2023-30570
>= 3.28 and <= 4.10
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 A
7.5 HIGH
CVE-2023-2295
all versions
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received wi
7.5 HIGH
CVE-2023-23009
all versions
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with
6.5 MEDIUM
CVE-2022-23094
>= 4.2 and < 4.6
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a c
7.5 HIGH
CVE-2020-1763
>= 3.27 and <= 3.31
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticate
7.5 HIGH
CVE-2019-10155
< 3.29
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and
3.1 LOW
CVE-2019-12312
< 3.28
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference
7.5 HIGH
CVE-2016-5391
<= 3.17
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
7.5 HIGH
CVE-2016-5361
<= 3.16
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a
7.5 HIGH
CVE-2016-3071
all versions
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
7.5 HIGH
CVE-2015-3240
all versions
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a
CVE-2015-3204
all versions
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unas
CVE-2013-6467
<= 3.7
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) v
CVE-2013-7294
<= 3.6
The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of se
CVE-2013-7283
all versions
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecifie
CVE-2013-4564
all versions
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an i
CVE-2013-2052
all versions
Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being u
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin