CVE-2013-7294
libreswan < 3.7 - Denial of Service via IKEv2 I1 Notification Without KE Payload
Title source: llmDescription
The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56276
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56915
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
Exploit, Patch x_refsource_confirm
https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/101573
Scores
EPSS
0.0255
EPSS Percentile
83.2%
Details
CWE
CWE-20
Status
published
Products (7)
libreswan/libreswan
3.0
libreswan/libreswan
3.1
libreswan/libreswan
3.2
libreswan/libreswan
3.3
libreswan/libreswan
3.4
libreswan/libreswan
3.5
libreswan/libreswan
< 3.6
Published
Jan 16, 2014
Tracked Since
Feb 18, 2026