PT-2023-5266 · Libreswan+5

Published: 2023-08-08 · Updated: 2024-03-24 · CVE-2023-38710

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Libreswan versions 3.20 through 4.12

Description

An issue was discovered in Libreswan when an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1. This causes an INVALID_SPI error notify to be sent back, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH (3), resulting in the pluto daemon crashing and restarting. A remote attacker can exploit the issue to perform a denial-of-service attack.

Recommendations

For Libreswan versions 3.20 through 4.12, update to version 4.12 or later to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

ALSA-2023:6549
ALSA-2023:7052
AZL-28064
AZL-34935
BDU:2023-05883
CESA-2023_7052
CVE-2023-38710
MGASA-2024-0085
OESA-2023-1581
RHSA-2023:6549
RHSA-2023:7052
RHSA-2023_6549
RHSA-2023_7052
RHSA-2024:10594
RHSA-2025:0309

Affected Products

AlmaLinux
CentOS
Debian
Libreswan
Red Hat
RED OS