CVE-2026-50721

Source
https://cve.org/CVERecord?id=CVE-2026-50721
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50721.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-50721
Downstream
Published
2026-07-02T22:16:43.367Z
Modified
2026-07-11T04:04:08.492572705Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Libreswan, via the function RSAauthenticatehashsignatureraw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.

References

Affected packages

Git / github.com/libreswan/libreswan

Affected ranges

Type
GIT
Repo
https://github.com/libreswan/libreswan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.3.1"
        }
    ]
}

Affected versions

0.*
0.9.9
libreswan-0.*
libreswan-0.0.1
Other
pre_FreeBSD_merge_200607
v2.*
v2.5.01
v2.5.03
v2.6.01
v2.6.03
v2.6.07
v2.6.14
v2.6.15
v2.6.15dr2
v2.6.16
v2.6.16dr1
v2.6.16dr2
v2.6.16dr3
v2.6.16dr4
v2.6.16dr5
v2.6.18
v2.6.18rc1
v2.6.19
v2.6.20
v2.6.20bis
v2.6.20rc2
v2.6.21
v2.6.22dr1
v2.6.23
v2.6.23dr1
v2.6.24
v2.6.24rc2
v2.6.24rc3
v2.6.24rc4
v2.6.24rc5
v2.6.26
v2.6.26rc1
v2.6.27dr1
v2.6.28dr1
v2.6.29
v2.6.29rc2
v2.6.32
v2.6.32dr1
v2.6.32dr3
v2.6.32dr4
v2.6.32dr5
v2.6.32rc1
v2.6.32rc3
v2.6.32rc5
v2.6.32rc6
v2.6.32rc7
v2.6.32rc8
v2.6.32rc9
v2.6.33dr2
v2.6.33rc1
v2.6.34
v2.6.34dr1
v2.6.34dr2
v2.6.34rc1
v2.6.34rc2
v2.6.34rc5
v2.6.34rc6
v2.6.35dr1
v2.6.36
v2.6.36dr1
v2.6.36rc1
v2.6.37
v2.6.38
v2.6.38dr2
v2.6.38rc1
v2.6.38rc2
v2.92
v2.93
v3.*
v3.1
v3.11dr1
v3.14
v3.14rc2
v3.14rc3
v3.16
v3.16rc2
v3.16rc3
v3.17
v3.18
v3.18dr2
v3.19
v3.20
v3.20dr3
v3.20dr4
v3.21
v3.21rc5
v3.22
v3.22dr1
v3.25
v3.26
v3.27
v3.28
v3.2rc1
v3.3
v3.30
v3.4
v3.5
v3.6
v3.7
v4.*
v4.0
v4.1
v4.2
v4.3
v4.4
v4.5
v4.6
v4.7
v4.8
v4.9
v5.*
v5.0rc1
v5.0rc2
v5.1
v5.2
v5.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50721.json"