Libreswan 4.2 up to and including 4.5 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Vulnerable Product |
---|
libreswan libreswan |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
debian debian linux 10.0 |