Vulnerability Details CVE-2016-3071
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://download.libreswan.org/CHANGES
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182050.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182130.html
- http://www.securityfocus.com/bid/87295
- https://libreswan.org/security/CVE-2016-3071/CVE-2016-3071.txt
- http://download.libreswan.org/CHANGES
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182050.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182130.html
- http://www.securityfocus.com/bid/87295
- https://libreswan.org/security/CVE-2016-3071/CVE-2016-3071.txt
Products affected by CVE-2016-3071
-
cpe:2.3:a:libreswan:libreswan:3.16
-
cpe:2.3:o:fedoraproject:fedora:23
-
cpe:2.3:o:fedoraproject:fedora:24