PT-2023-5263 · Libreswan+5

Published: 2023-08-08 · Updated: 2024-03-24 · CVE-2023-38712

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Libreswan versions 3.x and 4.x before 4.12

Description

An issue was discovered in Libreswan. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. This issue is related to insufficient input validation in the handling of IKEv1 ISAKMP SA packets, which can allow a remote attacker to perform a denial-of-service attack.

Recommendations

For Libreswan versions 3.x and 4.x before 4.12, update to version 4.12 or later to resolve the issue. As a temporary workaround, consider restricting the handling of IKEv1 ISAKMP SA Informational Exchange packets to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2023:6549
ALSA-2023:7052
AZL-28066
AZL-34937
BDU:2023-05880
CESA-2023_7052
CVE-2023-38712
MGASA-2024-0085
OESA-2023-1581
RHSA-2023:6549
RHSA-2023:7052
RHSA-2023_6549
RHSA-2023_7052
RHSA-2024:10594
RHSA-2025:0309

Affected Products

Almalinux
Centos
Debian
Libreswan
Red Hat
Red Os