{"id":"CVE-2026-50721","details":"Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.","modified":"2026-07-11T04:04:08.492572705Z","published":"2026-07-02T22:16:43.367Z","database_specific":{},"references":[{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2026-50721/"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"},{"type":"ARTICLE","url":"https://www.rfc-editor.org/rfc/rfc2313"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreswan/libreswan","events":[{"introduced":"0"},{"fixed":"de24519eb4ff49803a21d75e880c87834cf33beb"}],"database_specific":{"cpe":"cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"5.3.1"}]}}],"versions":["v5.3","v5.2","v5.1","v5.0rc2","v5.0rc1","v4.9","v4.8","v4.7","v4.6","v4.5","v4.4","v4.3","v4.2","v4.1","v4.0","v3.30","v3.28","v3.27","v3.26","v3.25","v3.22","v3.22dr1","v3.21","v3.20","v3.21rc5","v3.20dr4","v3.20dr3","v3.19","v3.18","v3.18dr2","v3.16","v3.17","v3.16rc3","v3.16rc2","v3.14","v3.14rc3","v3.14rc2","v3.7","v3.6","v3.5","v3.4","v3.3","v3.1","v3.11dr1","v3.2rc1","v2.93","v2.92","libreswan-0.0.1","0.9.9","v2.6.38","v2.6.38rc2","v2.6.38rc1","v2.6.38dr2","v2.6.32","v2.6.37","v2.6.36","v2.6.36rc1","v2.6.36dr1","v2.6.35dr1","v2.6.34","v2.6.34rc6","v2.6.34rc5","v2.6.34rc2","v2.6.34rc1","v2.6.34dr2","v2.6.34dr1","v2.6.33rc1","v2.6.33dr2","v2.6.32rc9","v2.6.32rc8","v2.6.32rc7","v2.6.32rc6","v2.6.32rc5","v2.6.32rc3","v2.6.32rc1","v2.6.32dr5","v2.6.32dr4","v2.6.32dr3","v2.6.32dr1","v2.6.29rc2","v2.6.29","v2.6.28dr1","v2.6.27dr1","v2.6.26","v2.6.26rc1","v2.6.24","v2.6.24rc5","v2.6.24rc4","v2.6.24rc3","v2.6.24rc2","v2.6.23","v2.6.23dr1","v2.6.22dr1","v2.6.21","v2.6.20bis","v2.6.20rc2","v2.6.20","v2.6.19","v2.6.18","v2.6.18rc1","v2.6.16","v2.6.16dr5","v2.6.16dr4","v2.6.16dr3","v2.6.16dr2","v2.6.16dr1","v2.6.15","v2.6.15dr2","v2.6.14","v2.6.07","v2.6.03","v2.6.01","v2.5.03","v2.5.01","pre_FreeBSD_merge_200607"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50721.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}