CVE-2019-10155

NameCVE-2019-10155
DescriptionThe Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs930338

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreswan (PTS)bullseye4.3-1+deb11u4fixed
bullseye (security)4.3-1+deb11u3fixed
bookworm4.10-2+deb12u1fixed
sid, trixie4.14-1.1fixed
strongswan (PTS)bullseye (security), bullseye5.9.1-1+deb11u4fixed
bookworm, bookworm (security)5.9.8-5+deb12u1fixed
sid, trixie5.9.13-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeswansource(unstable)(unfixed)
libreswansource(unstable)3.27-6930338
openswansource(unstable)(unfixed)
strongswansource(unstable)5.1.0-1

Notes

https://libreswan.org/security/CVE-2019-10155/
Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
Search for package or bug name: Reporting problems