CVE-2013-4564 - Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value

CVE-2013-4564

Summary

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html
http://secunia.com/advisories/56276
https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html

Vulnerable Configurations

cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*
cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 25-02-2014 - 18:02)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
fedora	FEDORA-2013-23250 FEDORA-2013-23299 FEDORA-2013-23315
mlist	[Swan-announce] 20131211 Libreswan 3.7 released
secunia	56276

Last major update

25-02-2014 - 18:02

Published

07-01-2014 - 17:04

Last modified

25-02-2014 - 18:02