Unrated severityNVD Advisory· Published Jul 9, 2013· Updated Apr 29, 2026

CVE-2013-2052

Description

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

Affected products

Libreswan/Libreswan2 versions
cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txtnvdPatchVendor Advisory
lists.libreswan.org/pipermail/swan-announce/2013/000003.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000