CVE-2016-5391

Published: Jun 13, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).

Affected (3)

Products: Libreswan: Libreswan · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreswan Libreswan	Up to 3.17

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1356183

Source: secalert@redhat.com

Issue Tracking

https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt

Source: secalert@redhat.com

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1356183

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.