{"containers": {"cna": {"affected": [{"product": "libreswan", "vendor": "the libreswan Project", "versions": [{"status": "affected", "version": "from versions 3.27 till 3.31"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-12T05:48:52.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"}, {"name": "DSA-4684", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4684"}, {"name": "GLSA-202007-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202007-21"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libreswan", "version": {"version_data": [{"version_value": "from versions 3.27 till 3.31"}]}}]}, "vendor_name": "the libreswan Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."}]}, "impact": {"cvss": [[{"vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125"}]}]}, "references": {"reference_data": [{"name": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt", "refsource": "CONFIRM", "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"}, {"name": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8", "refsource": "CONFIRM", "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"}, {"name": "DSA-4684", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4684"}, {"name": "GLSA-202007-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-21"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.902Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"}, {"name": "DSA-4684", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4684"}, {"name": "GLSA-202007-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202007-21"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1763", "datePublished": "2020-05-12T13:41:20.000Z", "dateReserved": "2019-11-27T00:00:00.000Z", "dateUpdated": "2024-08-04T06:46:30.902Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4D70ED5-291D-47AE-A6CB-0ED5AAB14329", "versionEndIncluding": "3.31", "versionStartIncluding": "3.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E018CD7-6E5B-421E-BF06-AEE4EE0CA4BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."}, {"lang": "es", "value": "Un fallo de lectura de b\u00fafer fuera de l\u00edmites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podr\u00eda usar este fallo para bloquear a libreswan mediante el env\u00edo de paquetes IKEv1 Informational Exchange especialmente dise\u00f1ados. El demonio reaparece despu\u00e9s del bloqueo."}], "id": "CVE-2020-1763", "lastModified": "2024-11-21T05:11:20.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-12T14:15:12.580", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-21"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4684"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Paul Wouters (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:2070", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:3.29-7.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-05-12T00:00:00Z"}, {"advisory": "RHSA-2020:2069", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "libreswan-0:3.27-10.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-05-12T00:00:00Z"}, {"advisory": "RHSA-2020:2071", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "libreswan-0:3.29-7.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-05-12T00:00:00Z"}], "bugzilla": {"description": "libreswan: DoS attack via malicious IKEv1 informational exchange message", "id": "1814541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814541"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.", "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2020-1763", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1763\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1763\nhttps://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"], "statement": "This flaw does not affect the version of libreswan shipped with Red Hat Enterprise Linux 6 and 7 because they did not ship the vulnerable code. (The offending commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 and others was introduced in libreswan-3.27)", "threat_severity": "Important"}