PT-2026-55315 · Libreswan · Libreswan

Andrew Cagney

+2

·

Published

2026-07-02

·

Updated

2026-07-02

·

CVE-2026-50721

CVSS v3.1

8.1

High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Libreswan (affected versions not specified)

Description: Libreswan fails to correctly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS #1 RSA Encryption. This occurs within the RSA authenticate hash signature raw rsa() function. A remote attacker can exploit this using a variation of the Bleichenbacher attack (a cryptographic attack on RSA) to forge the SIG payload when small public exponents (such as e=3) are used, potentially leading to impersonation. Furthermore, by encoding a hash shorter than expected in the SIG payload, a remote attacker can trigger an assertion that causes the daemon to abort and restart, resulting in a sustained denial of service. Remote code execution is not possible, and X.509 certificate verification of remote IKE peers remains unaffected.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
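As an added example (this is not Libreswan's code and does not reproduce the function the advisory names), the following Python models the PKCS #1 v1.5 encoded-message check that the description says is missing. After the RSA public-key operation yields the encoded message EM, a verifier must confirm that EM is exactly `0x00 || 0x01 || PS || 0x00 || DigestInfo` with the DigestInfo filling every remaining byte and the embedded hash having exactly the digest's length, and it must report a mismatch as a verification failure rather than crash on an assertion. The encoder, the lax and strict verifiers, and the sample encoded messages are all constructed here; no key or real IKE exchange is involved because the check applies to EM after the public-key operation.

```python
"""Strict vs. lax RSASSA-PKCS1-v1_5 encoded-message checks (added example)."""
import hashlib
import hmac

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def emsa_pkcs1_v15_encode(hash_name, message, em_len):
    """Reference encoder (RFC 8017 section 9.2): the one valid EM for this input."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)   # at least 8 bytes of 0xFF
    return b"\x00\x01" + ps + b"\x00" + t


def verify_lenient(hash_name, message, em):
    """Lax check: locate the 0x00 separator, compare the DigestInfo as a prefix
    and ignore whatever follows. Shown only as the shape of check a verifier
    must NOT implement; the strict version below is the correct one."""
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 0:
        return False
    expected = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    return em[sep + 1: sep + 1 + len(expected)] == expected


def verify_strict(hash_name, message, em):
    """Strict check (RFC 8017 section 8.2.2): rebuild the single valid EM and
    compare the whole buffer in constant time. A malformed EM, including one
    that carries a short hash, yields False rather than an assertion failure."""
    try:
        expected = emsa_pkcs1_v15_encode(hash_name, message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def embedded_hash_length(hash_name, em):
    """Bytes following the DigestInfo prefix, or None if the prefix is absent.
    A verifier that parses first must compare this with the digest size and
    return failure on mismatch; asserting on it is the crash the advisory describes."""
    prefix = DIGEST_INFO_PREFIX[hash_name]
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 0 or em[sep + 1: sep + 1 + len(prefix)] != prefix:
        return None
    return len(em) - (sep + 1 + len(prefix))


def sample_cases(hash_name="sha256", em_len=256):
    """Constructed encoded messages (not from any real IKE exchange): one
    well-formed EM and two malformed ones a verifier must reject."""
    msg = b"constructed IKEv1 SIG payload input"
    prefix = DIGEST_INFO_PREFIX[hash_name]
    t = prefix + hashlib.new(hash_name, msg).digest()
    good = emsa_pkcs1_v15_encode(hash_name, msg, em_len)
    # DigestInfo not at the end of EM: minimal PS, then bytes the lax check never inspects.
    trailing = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (em_len - 11 - len(t))
    # Hash shorter (16 bytes) than the 32 bytes the SHA-256 prefix announces.
    short = (b"\x00\x01" + b"\xff" * (em_len - 3 - len(prefix) - 16)
             + b"\x00" + prefix + b"\x00" * 16)
    return {
        "good": (verify_lenient(hash_name, msg, good), verify_strict(hash_name, msg, good)),
        "trailing": (verify_lenient(hash_name, msg, trailing), verify_strict(hash_name, msg, trailing)),
        "short_hash": (verify_lenient(hash_name, msg, short), verify_strict(hash_name, msg, short)),
        "short_hash_len": embedded_hash_length(hash_name, short),
    }


if __name__ == "__main__":
    for name, result in sample_cases().items():
        print(f"{name}: {result}")
```

The strict verifier never interprets the peer-supplied structure at all: it recomputes the only acceptable EM from its own hash of the message and compares buffers, so a short hash, a misplaced DigestInfo or extra trailing bytes all fall out as an ordinary signature failure. Where an implementation must parse the DigestInfo first, `embedded_hash_length` shows the length comparison as a returned value; the advisory's denial of service is exactly what happens when that comparison is an assertion instead.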

Weakness Enumeration

Assertion Failure

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2026-50721

Affected Products

Libreswan