PT-2019-11601 · Libreswan+2 · Libreswan+2

Published: 2019-06-12 · Updated: 2020-09-30 · CVE-2019-10155

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Libreswan versions prior to 3.29
Description: A vulnerability was found in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity protected using the established IKE SA encryption and integrity keys. However, the receiver did not verify the integrity check value.
Recommendations: For versions prior to 3.29, update to version 3.29 or later to resolve the issue. As a temporary workaround, consider restricting the use of IKEv1 informational exchange packets until a patch is available.

Weakness Enumeration

Related Identifiers

CESA-2019_3391
CVE-2019-10155
MGASA-2019-0210
RHSA-2019:3391
RHSA-2019_3391

Affected Products

CentOS
Libreswan
Red Hat