CVEブラウザに戻る

CVE-2016-3071

HIGH

7.5

CVSS Severity Score

EPSS Score0.1130%

EPSS Percentile21.43th

Published2016年4月18日

Last Modified2026年5月6日

Vulnerability Description

Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.

Affected Platforms (CPE)

📦

Libreswan

Libreswan

= 3.16

💻

Fedoraproject

Fedora

= 23

💻

Fedoraproject

Fedora

= 24

References & Advisories

🔗 http://download.libreswan.org/CHANGES

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182050.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182130.html

🔗 http://www.securityfocus.com/bid/87295

🔗 https://libreswan.org/security/CVE-2016-3071/CVE-2016-3071.txt

🔗 http://download.libreswan.org/CHANGES

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182050.html

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182130.html

関連する脆弱性情報

CVE-2013-72839.3

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecifie...

CVE-2020-17637.5

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticate...

CVE-2019-123127.5

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference ...

CVE-2016-53617.5

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a ...