PT-2026-55316 · Libreswan · Libreswan
Andrew Cagney +2
Published 2026-07-02 · Updated 2026-07-02
CVE-2026-50722
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Libreswan (affected versions not specified)
Description
Libreswan fails to correctly verify the DER encoding of the ASN.1 digest within the IKEv2 AUTH payload when using RSASSA-PKCS1-v1_5. This occurs in the RSA_authenticate_hash_signature_pkcs1_1_5_rsa() function. A remote attacker can exploit this using a variation of the Bleichenbacher attack (a method of attacking RSA) to forge the AUTH payload when small public exponents (such as e=3) are used, allowing impersonation. Furthermore, an attacker can cause a denial of service by encoding a hash shorter than expected in the AUTH payload, which triggers an assertion that causes the daemon to abort and restart. Remote code execution is not possible, and X.509 certificate verification of the remote IKE peer remains unaffected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
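To illustrate the bug class the description refers to, the following is an added Python example, not Libreswan's code: it contrasts a simplified lax PKCS#1 v1.5 check (a constructed model of the flaw, an assumption rather than the actual Libreswan logic) with the strict check, which rebuilds the single valid encoded message and compares it in full. All inputs are constructed.

```python
import hashlib
import hmac
# DER DigestInfo prefix for SHA-256 (RFC 8017 9.2); its last two bytes are the
# OCTET STRING tag (0x04) and the announced hash length (0x20 = 32).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
EM_LEN = 256  # encoded-message length for a 2048-bit modulus (constructed)

def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """The only valid encoding: 00 01 FF..FF 00 || DigestInfo || H(message)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def lenient_verify(em: bytes, message: bytes) -> bool:
    """Lax verifier model (assumption, not Libreswan's code): trusts the
    sender's DER length byte and ignores whatever follows the hash."""
    if em[:2] != b"\x00\x01":
        return False
    body = em[em.index(b"\x00", 2) + 1:]      # skip the FF padding run
    hdr = SHA256_DIGESTINFO[:-1]               # up to the OCTET STRING tag
    if not body.startswith(hdr):
        return False
    hash_len = body[len(hdr)]                  # sender-controlled length byte
    assert hash_len == 32, "unexpected hash length"  # aborts on a short hash
    digest = body[len(hdr) + 1:len(hdr) + 1 + hash_len]
    return digest == hashlib.sha256(message).digest()  # trailing bytes ignored

def strict_verify(em: bytes, message: bytes) -> bool:
    """Hardened check: rebuild the one valid EM and compare it whole."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def lenient_aborts(em: bytes, message: bytes) -> bool:
    """True if the lax verifier hits its assertion (the advisory's DoS case)."""
    try:
        lenient_verify(em, message)
    except AssertionError:
        return True
    return False

# Constructed inputs: one well-formed EM and two malformed ones of equal length.
MSG = b"constructed IKEv2 AUTH signed octets"
H = hashlib.sha256(MSG).digest()
GOOD_EM = emsa_pkcs1_v15_encode(MSG, EM_LEN)
PAD = b"\x00\x01" + b"\xff" * 8 + b"\x00"     # minimal padding, room for filler
GARBAGE_EM = (PAD + SHA256_DIGESTINFO + H).ljust(EM_LEN, b"\x00")
SHORT_HASH_EM = (PAD + SHA256_DIGESTINFO[:-1] + bytes([16]) + H[:16]).ljust(EM_LEN, b"\x00")
```

The lax model accepts GARBAGE_EM (unchecked filler after the hash, the room a small-exponent forgery needs) and aborts on SHORT_HASH_EM, while the strict check returns False for both without crashing.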
Weakness Types
Assertion Failure
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Libreswan