ID CVE-2013-4564
Summary Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
References
Vulnerable Configurations
  • cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-02-2014 - 18:02)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
fedora
  • FEDORA-2013-23250
  • FEDORA-2013-23299
  • FEDORA-2013-23315
mlist [Swan-announce] 20131211 Libreswan 3.7 released
secunia 56276
Last major update 25-02-2014 - 18:02
Published 07-01-2014 - 17:04
Last modified 25-02-2014 - 18:02