CVE-2019-12312

Name of the Vulnerable Software and Affected Versions Libreswan version 3.27

Description The issue is related to an assertion failure that can cause the pluto IKE daemon to restart. An attacker can exploit this by initiating an IKEv2 IKE SA INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expected IKE AUTH exchange. This triggers a NULL pointer dereference in the send v2N spi response from state() function, located in programs/pluto/ikev2 send.c, leading to a restart of libreswan.

Recommendations For Libreswan version 3.27, consider disabling the send v2N spi response from state() function as a temporary workaround until a patch is available. Restrict access to the IKEv2 IKE SA INIT exchange to minimize the risk of exploitation. Avoid using the INFORMATIONAL exchange in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.