Back to overview

CVE-2026-12413

HIGH
7.5
CVSS 3.1
Description
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.

Metadata

CVE ID
CVE-2026-12413
State
PUBLISHED
Assigner
libreswan
Reserved
2026-06-16 15:52 UTC
Published
2026-07-02 21:19 UTC
Last updated
2026-07-02 21:19 UTC
Primary CWE
CWE-193
Off-by-one Error
Vendor / Product
The Libreswan Project / libreswan
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
The Libreswan Project libreswan 4.6 ≤ 5.3, 5.3.1
Weakness (CWE)
CWESourceDescription
CWE-193 cna Off-by-one Error
CWE-617 cna Reachable Assertion
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References (2)
Back to overview