CVE-2019-10155

NameCVE-2019-10155
DescriptionThe Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs930338

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreswan (PTS)buster3.27-6fixed
bullseye, sid3.29-2fixed
strongswan (PTS)jessie5.2.1-6+deb8u6fixed
jessie (security)5.2.1-6+deb8u8fixed
stretch (security), stretch5.5.1-4+deb9u4fixed
buster5.7.2-1fixed
bullseye, sid5.8.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeswansource(unstable)(unfixed)
libreswansource(unstable)3.27-6930338
openswansource(unstable)(unfixed)
strongswansource(unstable)5.1.0-1

Notes

https://libreswan.org/security/CVE-2019-10155/
Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan

Search for package or bug name: Reporting problems