CVE-2020-1763
First published: Tue May 12 2020(Updated: )
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/libreswan | 3.27-6+deb10u1 4.3-1+deb11u4 4.3-1+deb11u3 4.10-2+deb12u1 4.12-1 | |
| debian/libreswan | <=3.27-6<=3.29-2 | 3.27-6+deb10u1 3.32-1 |
| Libreswan Libreswan | >=3.27<=3.31 | |
| Libreswan Libreswan | =3.5 | |
| Siemens RUGGEDCOM ROX MX5000 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX1400 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX1500 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX1501 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX1510 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX1511 | <2.14.0 | 2.14.0 |
| Siemens RUGGEDCOM ROX RX500 | <2.14.0 | 2.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9
- https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
- https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
- https://security-tracker.debian.org/tracker/CVE-2020-1763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763
- https://bugs.debian.org/960458
- https://salsa.debian.org/debian/libreswan/-/merge_requests/2/diffs
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960458
- https://bugzilla.redhat.com/show_bug.cgi?id=1813329
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://security.gentoo.org/glsa/202007-21
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://www.debian.org/security/2020/dsa-4684
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-040-04 (Advisory)
Frequently Asked Questions
What is CVE-2020-1763?
CVE-2020-1763 is an out-of-bounds buffer read flaw in the pluto daemon of libreswan.
How does CVE-2020-1763 impact libreswan?
CVE-2020-1763 allows an unauthenticated attacker to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets.
What versions of libreswan are affected by CVE-2020-1763?
Versions 3.27 to 3.31 of libreswan are affected by CVE-2020-1763.
What is the severity of CVE-2020-1763?
CVE-2020-1763 has a severity value of 7.5, which is considered high.
How can I fix CVE-2020-1763?
To fix CVE-2020-1763, you should update to the patched versions of libreswan (3.27-6+deb10u1, 4.3-1+deb11u4, 4.3-1+deb11u3, 4.10-2+deb12u1, 4.12-1, or 3.32-1).
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2020-1763
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/libreswan
- canonical/libreswan libreswan
- version/libreswan libreswan/3.27
- version/libreswan libreswan/3.31
- version/libreswan libreswan/3.5
- vendor/siemens
- canonical/siemens ruggedcom rox mx5000
- canonical/siemens ruggedcom rox rx1400
- canonical/siemens ruggedcom rox rx1500
- canonical/siemens ruggedcom rox rx1501
- canonical/siemens ruggedcom rox rx1510
- canonical/siemens ruggedcom rox rx1511
- canonical/siemens ruggedcom rox rx1512
- canonical/siemens ruggedcom rox rx500