CVE-2023-38712

Published: 25/08/2023 Updated: 11/12/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An issue exists in Libreswan 3.x and 4.x prior to 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

Vulnerable Product

libreswan libreswan

Vendor Advisories

Synopsis: Moderate: libreswan security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libreswan is now available for Red Hat Enterprise ...
Debian Bug report logs - #1066059 libreswan: CVE-2024-2357. Package: src:libreswan; Maintainer for src:libreswan is Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Mon, 11 Mar 2024 21:24:01 UTC. Severity: important. Tags: security, upstream. Found in versions libr ...
A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state occurs. This flaw allows a malicious c ...
Description: This CVE is under investigation by Red Hat Product Security ...