PT-2016-6390 · Libreswan+2

Published: 2016-06-16 · Updated: 2017-01-18 · CVE-2016-5361

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libreswan versions prior to 3.17

Description: The issue allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet, because of retransmission in initial-responder states. The original behaviour complies with the IKEv1 protocol, but the libreswan vendor has nonetheless issued a required security update for it.

Recommendations: For versions prior to 3.17, update to version 3.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected ikev1.c module to minimize the risk of exploitation.

Related Identifiers

CESA-2016_2603
CVE-2016-5361
RHSA-2016:2603
RHSA-2016_2603

Affected Products

CentOS
Red Hat
Libreswan