pluto in Libreswan before 4.11 allows a denial of service...
High severity
Unreviewed
Published
May 29, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
May 29, 2023
Published to the GitHub Advisory Database
May 29, 2023
Last updated
Apr 4, 2024
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
References