CVE-2013-2053

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.

Published: Jul 9, 2013
Updated: Nov 8, 2023
CVE: CVE-2013-2053
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
xelerance / openswan	2.6.01	2.6.01.x
xelerance / openswan	2.6.02	2.6.02.x
xelerance / openswan	2.6.03	2.6.03.x
xelerance / openswan	2.6.04	2.6.04.x
xelerance / openswan	2.6.05	2.6.05.x
xelerance / openswan	2.6.06	2.6.06.x
xelerance / openswan	2.6.07	2.6.07.x
xelerance / openswan	2.6.08	2.6.08.x
xelerance / openswan	2.6.09	2.6.09.x
xelerance / openswan	2.6.10	2.6.10.x
xelerance / openswan	2.6.11	2.6.11.x
xelerance / openswan	2.6.12	2.6.12.x
xelerance / openswan	2.6.13	2.6.13.x
xelerance / openswan	2.6.14	2.6.14.x
xelerance / openswan	2.6.15	2.6.15.x
xelerance / openswan	2.6.16	2.6.16.x
xelerance / openswan	2.6.17	2.6.17.x
xelerance / openswan	2.6.18	2.6.18.x
xelerance / openswan	2.6.19	2.6.19.x
xelerance / openswan	2.6.20	2.6.20.x
xelerance / openswan	2.6.21	2.6.21.x
xelerance / openswan	2.6.22	2.6.22.x
xelerance / openswan	2.6.23	2.6.23.x
xelerance / openswan	2.6.24	2.6.24.x
xelerance / openswan	2.6.25	2.6.25.x
xelerance / openswan	2.6.26	2.6.26.x
xelerance / openswan	2.6.27	2.6.27.x
xelerance / openswan	2.6.28	2.6.28.x
xelerance / openswan	2.6.29	2.6.29.x
xelerance / openswan	2.6.30	2.6.30.x
xelerance / openswan	2.6.31	2.6.31.x
xelerance / openswan	2.6.32	2.6.32.x
xelerance / openswan	2.6.33	2.6.33.x
xelerance / openswan	2.6.34	2.6.34.x
xelerance / openswan	2.6.35	2.6.35.x
xelerance / openswan	2.6.36	2.6.36.x
xelerance / openswan	2.6.37	2.6.37.x
xelerance / openswan	-	2.6.38.x

Vulnerability Database

289,697

CVE-2013-2053