An invalidly formatted IKEv2 fragment causes the...
High severity
Unreviewed
Published
Jul 3, 2026
to the GitHub Advisory Database
•
Updated Jul 3, 2026
Description
Published by the National Vulnerability Database
Jul 2, 2026
Published to the GitHub Advisory Database
Jul 3, 2026
Last updated
Jul 3, 2026
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
References