What is the severity of CVE-2016-5391?

CVE-2016-5391 has a severity rating that indicates it allows remote attackers to cause a denial of service.

What causes the vulnerability CVE-2016-5391?

The vulnerability CVE-2016-5391 is caused by a bogus IKEv2 proposal lacking a DH transform, leading to a NULL pointer dereference.

How do I fix CVE-2016-5391?

To fix CVE-2016-5391, upgrade Libreswan to version 3.18 or later.

Which software versions are affected by CVE-2016-5391?

CVE-2016-5391 affects Libreswan versions prior to 3.18, including 3.17.

Is CVE-2016-5391 specific to any operating systems?

Yes, CVE-2016-5391 affects certain Fedora versions, including Fedora 23 and Fedora 24.

Vulnerability/
CVE-2016-5391

high

7.5

CWE

476

13/7/2016

13/6/2017

6/8/2024

CVE-2016-5391: Null Pointer Dereference

First published: Wed Jul 13 2016(Updated: )

A vulnerability was found in libreswan 3.17. IKEv2 bogus proposal lacking DH transform causes pluto daemon to restart.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Libreswan	<=3.17
Red Hat Fedora	=23
Red Hat Fedora	=24

Remedy

https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5391?
CVE-2016-5391 has a severity rating that indicates it allows remote attackers to cause a denial of service.
What causes the vulnerability CVE-2016-5391?
The vulnerability CVE-2016-5391 is caused by a bogus IKEv2 proposal lacking a DH transform, leading to a NULL pointer dereference.
How do I fix CVE-2016-5391?
To fix CVE-2016-5391, upgrade Libreswan to version 3.18 or later.
Which software versions are affected by CVE-2016-5391?
CVE-2016-5391 affects Libreswan versions prior to 3.18, including 3.17.
Is CVE-2016-5391 specific to any operating systems?
Yes, CVE-2016-5391 affects certain Fedora versions, including Fedora 23 and Fedora 24.

agent/type
agent/references
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/remedy
agent/event
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-5391
agent/trending
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/libreswan
canonical/libreswan
version/libreswan/3.17
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/23
version/red hat fedora/24

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.