Skip to main content

Libreswan CVE-2013-7283

CRITICAL
Race Condition (CWE-362)
2014-01-09 cve@mitre.org
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jan 09, 2014 - 18:07 cve.org
CRITICAL 9.3

DescriptionCVE.org

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.

AnalysisAI

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-362. Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file. Affected products include: Libreswan.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-12312 HIGH POC
7.5 May 24

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. Rated high severity (CVSS 7.5), this vuln

CVE-2023-23009 MEDIUM POC
6.5 Feb 21

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS pa

CVE-2013-7294 MEDIUM POC
5.0 Jan 16

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a de

CVE-2016-3071 HIGH
7.5 Apr 18

Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transfor

CVE-2016-5361 HIGH
7.5 Jun 16

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers t

CVE-2016-5391 HIGH
7.5 Jun 13

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon re

CVE-2026-12413 HIGH
7.5 Jul 02

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeate

CVE-2023-30570 HIGH
7.5 May 29

pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticat

CVE-2023-2295 HIGH
7.5 May 17

A vulnerability was found in the libreswan library. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2020-1763 HIGH
7.5 May 12

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unau

CVE-2023-38712 MEDIUM
6.5 Aug 25

An issue was discovered in Libreswan 3.x and 4.x before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is re

CVE-2023-38711 MEDIUM
6.5 Aug 25

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely explo

Share

CVE-2013-7283 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy