CVE-2016-5361

Source
https://cve.org/CVERecord?id=CVE-2016-5361
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5361.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5361
Published
2016-06-16T14:59:51.890Z
Modified
2026-04-11T04:02:14.771560Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

References

Affected packages

Git / github.com/libreswan/libreswan

Affected ranges

Type
GIT
Repo
https://github.com/libreswan/libreswan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.16"
        }
    ]
}

Affected versions

0.*
0.9.9
libreswan-0.*
libreswan-0.0.1
Other
pre_FreeBSD_merge_200607
v2.*
v2.5.01
v2.5.03
v2.6.01
v2.6.03
v2.6.07
v2.6.14
v2.6.15
v2.6.15dr2
v2.6.16
v2.6.16dr1
v2.6.16dr2
v2.6.16dr3
v2.6.16dr4
v2.6.16dr5
v2.6.18
v2.6.18rc1
v2.6.19
v2.6.20
v2.6.20bis
v2.6.20rc2
v2.6.21
v2.6.22dr1
v2.6.23
v2.6.23dr1
v2.6.24
v2.6.24rc2
v2.6.24rc3
v2.6.24rc4
v2.6.24rc5
v2.6.26
v2.6.26rc1
v2.6.27dr1
v2.6.28dr1
v2.6.29
v2.6.29rc2
v2.6.32
v2.6.32dr1
v2.6.32dr3
v2.6.32dr4
v2.6.32dr5
v2.6.32rc1
v2.6.32rc3
v2.6.32rc5
v2.6.32rc6
v2.6.32rc7
v2.6.32rc8
v2.6.32rc9
v2.6.33dr2
v2.6.33rc1
v2.6.34
v2.6.34dr1
v2.6.34dr2
v2.6.34rc1
v2.6.34rc2
v2.6.34rc5
v2.6.34rc6
v2.6.35dr1
v2.6.36
v2.6.36dr1
v2.6.36rc1
v2.6.37
v2.6.38
v2.6.38dr2
v2.6.38rc1
v2.6.38rc2
v2.92
v2.93
v3.*
v3.1
v3.11dr1
v3.14
v3.14rc2
v3.14rc3
v3.16
v3.16rc2
v3.16rc3
v3.2rc1
v3.3
v3.4
v3.5
v3.6
v3.7

Database specific

vanir_signatures_modified
"2026-04-11T04:02:14Z"
vanir_signatures
[
    {
        "id": "CVE-2016-5361-dd7ca340",
        "target": {
            "file": "programs/pluto/ikev1.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/libreswan/libreswan/commit/152d6d95632d8b9477c170f1de99bcd86d7fb1d6",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5361.json"