CVE-2019-12312NULL Pointer Dereference in Libreswan

CWE-476NULL Pointer DereferenceCWE-617Reachable Assertion10 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibreswanDebian Libreswan
Timeline
PublishedMay 24
Latest updateMay 24

Description

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/libreswan< libreswan 3.27-5 (bookworm)
Debianlibreswan/libreswan< 3.27-5+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-mg44-55g8-hfpm: In Libreswan before 32022-05-24
OSV
CVE-2019-12312: In Libreswan 32019-05-24

📋Vendor Advisories

2
Red Hat
libreswan: null-pointer dereference by sending two IKEv2 packets2019-05-12
Debian
CVE-2019-12312: libreswan - In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. A...2019

💬Community

5
Bugzilla
CVE-2019-12312 strongswan: libreswan: null-pointer dereference by sending two IKEv2 packets [epel-all]2019-06-04
Bugzilla
CVE-2019-12312 libreswan: null-pointer dereference by sending two IKEv2 packets2019-06-04
Bugzilla
CVE-2019-12312 strongswan: libreswan: null-pointer dereference by sending two IKEv2 packets [fedora-all]2019-06-04
Bugzilla
CVE-2019-12312 libreswan: null-pointer dereference by sending two IKEv2 packets [fedora-all]2019-06-04
Bugzilla
CVE-2019-12312 libreswan: null-pointer dereference by sending two IKEv2 packets [epel-6]2019-06-04