libreswan.org (2a00:1190:c00a:f00::229)

URL: https://libreswan.org/security/
Submission: On October 26 via api from TR — Scanned from FI

REPORTING A VULNERABILITY

Please contact security@libreswan.org if you suspect you have found a security
issue or vulnerability in libreswan. Encrypted email can be sent to us using
the libreswan OpenPGP key.
We strongly encourage you to report potential security vulnerabilities to us
before disclosing them in a public forum, a public security paper, or a
conference. The Libreswan Team typically responds within a few days but usually
needs a few weeks to publish a new release with the security fix. The Libreswan
Team does not accept any third-party clauses before receiving information. A
vulnerability reporter cannot mandate a timeline of public disclosure; however,
the Libreswan Team might accept reasonable requests for short delays.


LIST OF LIBRESWAN CVES

| CVE Number | Date | Vulnerability Information | Vulnerable | Files |
|---|---|---|---|---|
| CVE-2023-38712 | Aug 8, 2023 | Invalid IKEv1 repeat IKE SA delete causes crash and libreswan to restart | 3.0 - 4.11 | Patches |
| CVE-2023-38711 | Aug 8, 2023 | Invalid IKEv1 Quick Mode ID causes libreswan to restart | 4.6 - 4.11 | Patches |
| CVE-2023-38710 | Aug 8, 2023 | Invalid IKEv2 REKEY proposal causes libreswan to restart | 3.20 - 4.11 | Patches |
| CVE-2023-30570 | May 3, 2023 | Malicious IKEv1 packet by unauthenticated peer can cause libreswan to restart | 3.28 - 4.10 | Patches |
| CVE-2023-23009 | Feb 28, 2023 | Malicious IKEv2 packet by authenticated peer can cause libreswan to restart | 4.2 - 4.9 | Patches |
| CVE-2022-23094 | Jan 11, 2022 | Malicious IKEv1 packet can cause libreswan to restart | 4.2 - 4.5 | Patches |
| CVE-2020-1763 | May 11, 2020 | IKEv1 Informational Exchange messages causes restart | 3.27 - 3.31 | Patches |
| CVE-2019-10155 | Jun 10, 2019 | IKEv1 Informational exchange integrity check failure | 3.0 - 3.28 | Patches |
| CVE-2019-12312 | Jun 4, 2019 | IKEv2 bogus Informational Exchange request can cause NULL pointer dereference | 3.27 | Patches |
| CVE-2016-5391 | Jul 25, 2016 | IKEv2 bogus proposal lacking DH transform causes restart | 3.17 | Patches |
| CVE-2016-5361 | Jun 14, 2016 | MITRE mistakenly issues CVE-2016-5361 | none | - |
| CVE-2016-3071 | Apr 4, 2016 | IKEv2 aes_xcbc transform causes restart of IKE daemon | 3.16 | Patches |
| CVE-2015-3240 | Aug 24, 2015 | bad DH g^x by remote peer causes IKE daemon restart | 3.0 - 3.15 | Patches |
| CVE-2015-3204 | Jun 1, 2015 | malicious payload causes IKE daemon restart | 3.9 - 3.12 | Patches |
| CVE-2013-6467 | Jan 15, 2014 | dereferencing missing IKEv2 payloads causes restart | 3.0 - 3.7 | Patches |
| CVE-2013-4564 | Dec 10, 2013 | Denial of Service with bogus IKE packet | 3.6 | - |
| CVE-2013-6467 | May 13, 2013 | remote buffer overflow in atodn() | 3.0 - 3.1 | Patches |


NON-LIBRESWAN CVES

The Libreswan Project also assisted with some openswan CVEs and strongswan
CVEs.