Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Upgrade to libreswan 5.3.1 or later. Patches for libreswan 4.15 and 5.3 are available at https://libreswan.org
Vendor Workaround
If fragmentation is not needed, fragmentation=no can be added to all IKEv2 configurations. If fragmentation is needed, no workaround is possible and the fix needs to be applied.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected. | |
| Title | IKEv2 Denial of Service via malformed fragmentation | |
| Weaknesses | CWE-193 CWE-617 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: libreswan
Published:
Updated: 2026-07-02T21:19:22.177Z
Reserved: 2026-06-16T15:52:12.674Z
Link: CVE-2026-12413
No data.
No data.
No data.
OpenCVE Enrichment
No data.