CVE-2020-1763 Information
Feb 14, 2021
cve
Description
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1813329 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt https://security.gentoo.org/glsa/202007-21 https://www.debian.org/security/2020/dsa-4684
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: