Candidate: CVE-2020-1763
PublicDate: 2020-05-12 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763
 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
 https://bugzilla.redhat.com/show_bug.cgi?id=1813329
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
 https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
Description:
 An out-of-bounds buffer read flaw was found in the pluto daemon of
 libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker
 could use this flaw to crash libreswan by sending specially-crafted IKEv1
 Informational Exchange packets. The daemon respawns after the crash.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960458
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libreswan:
upstream_libreswan: needs-triage
precise/esm_libreswan: DNE
trusty_libreswan: ignored (out of standard support)
trusty/esm_libreswan: DNE
xenial_libreswan: DNE
bionic_libreswan: needs-triage
eoan_libreswan: ignored (reached end-of-life)
focal_libreswan: needs-triage
groovy_libreswan: not-affected (3.32-3)
hirsute_libreswan: not-affected (3.32-3)
impish_libreswan: not-affected (3.32-3)
jammy_libreswan: not-affected (3.32-3)
devel_libreswan: not-affected (3.32-3)