CVE-2020-1763
PUBLISHED
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 to 3.31, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
EPSS 5.68% · 90.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libreswan | 3.21-2, 3.23-1, 3.23-4 |
| Ubuntu:20.04:LTS | libreswan | 3.29-2, 3.29-2build1, 0 |
Timeline
- May 12, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-1763 third-party-advisory
- https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1813329 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 third-party-advisory
- https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-1763 third-party-advisory