{
  "threat_severity" : "Important",
  "public_date" : "2020-05-11T00:00:00Z",
  "bugzilla" : {
    "description" : "libreswan: DoS attack via malicious IKEv1 informational exchange message",
    "id" : "1814541",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1814541"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.", "An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash." ],
  "statement" : "This flaw does not affect the version of libreswan shipped with Red Hat Enterprise Linux 6 and 7 because they did not ship the vulnerable code. (The offending commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 and others was introduced in libreswan-3.27)",
  "acknowledgement" : "This issue was discovered by Paul Wouters (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-05-12T00:00:00Z",
    "advisory" : "RHSA-2020:2070",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libreswan-0:3.29-7.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-05-12T00:00:00Z",
    "advisory" : "RHSA-2020:2069",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "libreswan-0:3.27-10.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-05-12T00:00:00Z",
    "advisory" : "RHSA-2020:2071",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "libreswan-0:3.29-7.el8_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libreswan",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libreswan",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-1763\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1763\nhttps://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt" ],
  "name" : "CVE-2020-1763",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}