CVE-2013-2052

medium

Published 2013-07-09 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.1

Description

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2013-2052 NameCVE-2013-2052 DescriptionBuffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.…

CVE-2013-2052

Name	CVE-2013-2052
Description	Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libreswan (PTS)	bullseye	4.3-1+deb11u4	fixed
	bullseye (security)	4.3-1+deb11u3	fixed
	bookworm	4.10-2+deb12u1	fixed
	trixie	5.2-2.2	fixed
	sid	5.2-2.4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libreswan	source	(unstable)	(not affected)

Notes

- libreswan <not-affected> (Fixed before the initial upload to Debian)
https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

- libreswan <not-affected> (Fixed before the initial upload to Debian)https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0`
debian	bullseye	fixed	`0`
debian	forky	fixed	`0`
debian	sid	fixed	`0`
debian	trixie	fixed	`0`

Application impact

Vendor	Product	Versions	Fixed
libreswan	libreswan	`3.0`
libreswan	libreswan	`3.1`

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.