CVE-2013-7294

Published: Jan 16, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.

Affected (7)

Products: Libreswan: Libreswan

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Libreswan Libreswan	Up to 3.6
Libreswan Libreswan	Version 3.0
Libreswan Libreswan	Version 3.1
Libreswan Libreswan	Version 3.2
Libreswan Libreswan	Version 3.3
Libreswan Libreswan	Version 3.4
Libreswan Libreswan	Version 3.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://secunia.com/advisories/56276

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/56915

Source: cve@mitre.org

http://www.osvdb.org/101573

Source: cve@mitre.org

https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0

Source: cve@mitre.org

ExploitPatch

https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/56276

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/56915

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/101573

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.