Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-5361

Опубликовано: 16 июн. 2016
Источник: debian
EPSS Низкий

Описание

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libreswannot-affectedpackage

Примечания

  • Possibly the CVE should be rejected: https://www.openwall.com/lists/oss-security/2016/06/13/1

  • MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as

  • Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather

  • the protocol is flawed.

EPSS

Процентиль: 76%
0.00953
Низкий

Связанные уязвимости

redhat логотип

CVE-2016-5361

redhat
больше 9 лет назад

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

nvd логотип

CVE-2016-5361

CVSS3: 7.5
nvd
около 9 лет назад

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

github логотип

GHSA-pvgh-6wjg-x887

CVSS3: 7.5
github
больше 3 лет назад

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.

oracle-oval логотип

ELSA-2016-2603

oracle-oval
почти 9 лет назад

ELSA-2016-2603: libreswan security and bug fix update (MODERATE)

EPSS

Процентиль: 76%
0.00953
Низкий