CVE-2020-1763

Source
https://cve.org/CVERecord?id=CVE-2020-1763
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1763.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1763
Downstream
Published
2020-05-12T14:15:12.580Z
Modified
2026-04-16T04:44:19.924751930Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan versions 3.27 through 3.31. An unauthenticated attacker could use this flaw to crash libreswan by sending specially crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.

References

Affected packages

Git / github.com/libreswan/libreswan

Affected ranges

Type
GIT
Repo
https://github.com/libreswan/libreswan
Events
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "3.27"
        },
        {
            "last_affected": "3.31"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5"
        }
    ]
}

Affected versions

0.*
0.9.9
libreswan-0.*
libreswan-0.0.1
Other
pre_FreeBSD_merge_200607
v2.*
v2.5.01
v2.5.03
v2.6.01
v2.6.03
v2.6.07
v2.6.14
v2.6.15
v2.6.15dr2
v2.6.16
v2.6.16dr1
v2.6.16dr2
v2.6.16dr3
v2.6.16dr4
v2.6.16dr5
v2.6.18
v2.6.18rc1
v2.6.19
v2.6.20
v2.6.20bis
v2.6.20rc2
v2.6.21
v2.6.22dr1
v2.6.23
v2.6.23dr1
v2.6.24
v2.6.24rc2
v2.6.24rc3
v2.6.24rc4
v2.6.24rc5
v2.6.26
v2.6.26rc1
v2.6.27dr1
v2.6.28dr1
v2.6.29
v2.6.29rc2
v2.6.32
v2.6.32dr1
v2.6.32dr3
v2.6.32dr4
v2.6.32dr5
v2.6.32rc1
v2.6.32rc3
v2.6.32rc5
v2.6.32rc6
v2.6.32rc7
v2.6.32rc8
v2.6.32rc9
v2.6.33dr2
v2.6.33rc1
v2.6.34
v2.6.34dr1
v2.6.34dr2
v2.6.34rc1
v2.6.34rc2
v2.6.34rc5
v2.6.34rc6
v2.6.35dr1
v2.6.36
v2.6.36dr1
v2.6.36rc1
v2.6.37
v2.6.38
v2.6.38dr2
v2.6.38rc1
v2.6.38rc2
v2.92
v2.93
v3.*
v3.1
v3.27
v3.28
v3.2rc1
v3.3
v3.30
v3.31
v3.4
v3.5

Database specific

vanir_signatures
[
    {
        "signature_version": "v1",
        "target": {
            "file": "programs/pluto/ikev1.c"
        },
        "digest": {
            "line_hashes": [
                "192785595241567337803171226975667384092",
                "151688309535239392845873598075242329199",
                "267668679704350220890171108057600248734",
                "320866523120216577581671520102311072700"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2020-1763-35f05910",
        "signature_type": "Line",
        "source": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 9557.0,
            "function_hash": "249042612403858674025323106804503298179"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-1763-7142646b",
        "target": {
            "function": "process_packet_tail",
            "file": "programs/pluto/ikev1.c"
        },
        "source": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"
    }
]
vanir_signatures_modified
"2026-04-11T12:40:05Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1763.json"