CVE-2013-2052

libreswan 3.0-3.1 - Buffer Overflow in atodn Function via DNS TXT Records

Title source: llm
STIX 2.1

Description

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

References (2)

Core 2
Core References
Vendor Advisory mailing-list x_refsource_mlist
https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html
Patch, Vendor Advisory x_refsource_confirm
https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt

Scores

EPSS 0.0175
EPSS Percentile 75.2%

Details

CWE
CWE-119
Status published
Products (2)
libreswan/libreswan 3.0
libreswan/libreswan 3.1
Published Jul 09, 2013
Tracked Since Feb 18, 2026