CVE-2013-4564

Published: Jan 7, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

Affected (1)

Products: Libreswan: Libreswan

Libreswan

1 product

Libreswan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreswan Libreswan	Version 3.6

Related CWEs

CWE-189

References (12)

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html

Source: secalert@redhat.com

http://secunia.com/advisories/56276

Source: secalert@redhat.com

Vendor Advisory

https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc

Source: secalert@redhat.com

Vendor Advisory

https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html

Source: secalert@redhat.com

PatchVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html