CVE-2015-3204
libreswan 3.9-3.12 - Denial of Service via Malformed IKEv1 Packet
Title source: llmDescription
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1154.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-13
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75392
Scores
EPSS
0.0260
EPSS Percentile
83.5%
Details
CWE
CWE-20
Status
published
Products (4)
libreswan/libreswan
3.9
libreswan/libreswan
3.10
libreswan/libreswan
3.11
libreswan/libreswan
3.12
Published
Jul 01, 2015
Tracked Since
Feb 18, 2026