Skip to main content

Openswan

5 CVEs product

Monthly

CVE-2019-10155 LOW PATCH Monitor

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Libreswan Strongswan Openswan +2
NVD
CVSS 3.1
3.1
EPSS
0.5%
CVE-2018-15836 HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2014-2037 MEDIUM This Month

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6466 MEDIUM This Month

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-2053 MEDIUM This Month

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Openswan
NVD
CVSS 2.0
6.8
EPSS
1.6%
EPSS 1% CVSS 3.1
LOW PATCH Monitor

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Libreswan +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy