Vulnerability Details CVE-2016-5391
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1356183
- https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/
- https://bugzilla.redhat.com/show_bug.cgi?id=1356183
- https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/
Products affected by CVE-2016-5391
-
cpe:2.3:a:libreswan:libreswan:3.0
-
cpe:2.3:a:libreswan:libreswan:3.1
-
cpe:2.3:a:libreswan:libreswan:3.10
-
cpe:2.3:a:libreswan:libreswan:3.11
-
cpe:2.3:a:libreswan:libreswan:3.12
-
cpe:2.3:a:libreswan:libreswan:3.14
-
cpe:2.3:a:libreswan:libreswan:3.16
-
cpe:2.3:a:libreswan:libreswan:3.17
-
cpe:2.3:a:libreswan:libreswan:3.2
-
cpe:2.3:a:libreswan:libreswan:3.3
-
cpe:2.3:a:libreswan:libreswan:3.4
-
cpe:2.3:a:libreswan:libreswan:3.5
-
cpe:2.3:a:libreswan:libreswan:3.6
-
cpe:2.3:a:libreswan:libreswan:3.7
-
cpe:2.3:a:libreswan:libreswan:3.9
-
cpe:2.3:o:fedoraproject:fedora:23
-
cpe:2.3:o:fedoraproject:fedora:24