{"id":"CVE-2020-1763","details":"An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan versions 3.27 through 3.31. An unauthenticated attacker could use this flaw to crash libreswan by sending specially crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.","modified":"2026-04-16T04:44:19.924751930Z","published":"2020-05-12T14:15:12.580Z","references":[{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-21"},{"type":"ADVISORY","url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4684"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763"},{"type":"FIX","url":"https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8"},{"type":"FIX","url":"https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreswan/libreswan","events":[{"introduced":"9b1394ea1190b38005e89a4d5188ba9d63506d0a"},{"last_affected":"f54f585809424a075a364c1266e131395685997c"},{"introduced":"0"},{"last_affected":"aba60a4fcc11765ecd2fb9352427c722a704bd8a"},{"fixed":"471a3e41a449d7c753bc4edbba4239501bb62ba8"}],"database_specific":{"versions":[{"introduced":"3.27"},{"last_affected":"3.31"},{"introduced":"0"},{"last_affected":"3.5"}]}}],"versions":["0.9.9","libreswan-0.0.1","pre_FreeBSD_merge_200607","v2.5.01","v2.5.03","v2.6.01","v2.6.03","v2.6.07","v2.6.14","v2.6.15","v2.6.15dr2","v2.6.16","v2.6.16dr1","v2.6.16dr2","v2.6.16dr3","v2.6.16dr4","v2.6.16dr5","v2.6.18","v2.6.18rc1","v2.6.19","v2.6.20","v2.6.20bis","v2.6.20rc2","v2.6.21","v2.6.22dr1","v2.6.23","v2.6.23dr1","v2.6.24","v2.6.24rc2","v2.6.24rc3","v2.6.24rc4","v2.6.24rc5","v2.6.26","v2.6.26rc1","v2.6.27d
r1","v2.6.28dr1","v2.6.29","v2.6.29rc2","v2.6.32","v2.6.32dr1","v2.6.32dr3","v2.6.32dr4","v2.6.32dr5","v2.6.32rc1","v2.6.32rc3","v2.6.32rc5","v2.6.32rc6","v2.6.32rc7","v2.6.32rc8","v2.6.32rc9","v2.6.33dr2","v2.6.33rc1","v2.6.34","v2.6.34dr1","v2.6.34dr2","v2.6.34rc1","v2.6.34rc2","v2.6.34rc5","v2.6.34rc6","v2.6.35dr1","v2.6.36","v2.6.36dr1","v2.6.36rc1","v2.6.37","v2.6.38","v2.6.38dr2","v2.6.38rc1","v2.6.38rc2","v2.92","v2.93","v3.1","v3.27","v3.28","v3.2rc1","v3.3","v3.30","v3.31","v3.4","v3.5"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2020-1763-35f05910","deprecated":false,"target":{"file":"programs/pluto/ikev1.c"},"source":"https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["192785595241567337803171226975667384092","151688309535239392845873598075242329199","267668679704350220890171108057600248734","320866523120216577581671520102311072700"]}},{"signature_version":"v1","id":"CVE-2020-1763-7142646b","deprecated":false,"target":{"function":"process_packet_tail","file":"programs/pluto/ikev1.c"},"source":"https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8","signature_type":"Function","digest":{"function_hash":"249042612403858674025323106804503298179","length":9557}}],"vanir_signatures_modified":"2026-04-11T12:40:05Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1763.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}