Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-1763

Good to know:

icon
icon

Date: May 12, 2020

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

Language: C

Severity Score

Related Resources (14)

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
https://nvd.nist.gov/vuln/detail/CVE-2020-1763
https://bugzilla.redhat.com/show_bug.cgi?id=1813329
https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
https://www.debian.org/security/2020/dsa-4684
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-1763
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
https://security.alpinelinux.org/vuln/CVE-2020-1763
https://security.gentoo.org/glsa/202007-21
https://security-tracker.debian.org/tracker/CVE-2020-1763
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://access.redhat.com/security/cve/CVE-2020-1763
https://www.mend.io/vulnerability-database/CVE-2020-1763

Severity Score

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

icon

Upgrade Version

Upgrade to version v3.32

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us