CVE-2019-10155

LOW

Libreswan <3.29 - Info Disclosure

Title source: llm

Description

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

References (5)

[Patch, Vendor Advisory] https://libreswan.org/security/CVE-2019-10155/

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:3391

Scores

CVSS v3 3.1

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-354

Status published

Products (6)

fedoraproject/fedora 29

fedoraproject/fedora 30

libreswan/libreswan < 3.29

redhat/enterprise_linux 8.0

strongswan/strongswan < 5.0.0

xelerance/openswan

Published Jun 12, 2019

Tracked Since Feb 18, 2026