CVE-2020-1763
- Source
- https://cve.org/CVERecord?id=CVE-2020-1763
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1763.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-1763
- Downstream
- Related
- Published
- 2020-05-12T14:15:12.580Z
- Modified
- 2026-03-10T23:07:32.295106Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
- References
-
- https://security.gentoo.org/glsa/202007-21
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://www.debian.org/security/2020/dsa-4684
- https://bugzilla.redhat.com/show_bug.cgi?id=1813329
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
- https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
- https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
Affected packages
Git / github.com/libreswan/libreswan
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libreswan/libreswan
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "3.27" }, { "last_affected": "3.31" }, { "introduced": "0" }, { "last_affected": "3.5" } ] }
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1763.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"192785595241567337803171226975667384092",
"151688309535239392845873598075242329199",
"267668679704350220890171108057600248734",
"320866523120216577581671520102311072700"
]
},
"source": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
"signature_type": "Line",
"id": "CVE-2020-1763-35f05910",
"target": {
"file": "programs/pluto/ikev1.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "249042612403858674025323106804503298179",
"length": 9557.0
},
"source": "https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8",
"signature_type": "Function",
"id": "CVE-2020-1763-7142646b",
"target": {
"file": "programs/pluto/ikev1.c",
"function": "process_packet_tail"
}
}
]