CVE-2019-10155

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

Published: Jun 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-10155
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-354

Affected Software
References

Software	From	Fixed in
strongswan / strongswan	-	5.0.0
libreswan / libreswan	-	3.29
xelerance / openswan	-	-
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x
redhat / enterprise_linux	8.0	8.0.x

https://access.redhat.com/errata/RHSA-2019:3391
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155
https://libreswan.org/security/CVE-2019-10155/
https://lists.fedoraproject.org/archives/list/[email protected]/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS/

Vulnerability Database

289,689

CVE-2019-10155