CVE-2019-12312

Published: 24/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Impact: Moderate
Public Date: 2019-05-12
CWE: CWE-476
Bugzilla: 1716918: CVE-2019-12312 libreswan: null-pointer dereference by sending two IKEv2 packets

In Libreswan prior to 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS).

Vulnerable Product

libreswan libreswan

Vendor Advisories

Debian Bug report logs - #930338 CVE-2019-10155 IKEv1 Informational exchange integrity check failure Package: libreswan; Maintainer for libreswan is Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Source for libreswan is src:libreswan Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: ...

Debian Bug report logs - #929916 libreswan: CVE-2019-12312 Package: src:libreswan; Maintainer for src:libreswan is Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 3 Jun 2019 04:30:02 UTC Severity: grave Tags: fixed-upstream, patch, security, upstream Fou ...