CVE-2023-38710 — Reachable Assertion in Libreswan
Severity
6.5 MEDIUM (NVD)
EPSS
0.1%
top 80.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 25
Description
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH (3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
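The pattern described above, as an added example that is not Libreswan source code: a peer-supplied protocol ID is echoed into the reply and trips the outgoing-packet invariant, shown beside a version that validates it at the input boundary. All function and type names are hypothetical, the assertion is modelled as a return code instead of an abort, and the shape of the hardened path is an assumption, not the project's actual patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the flaw; names and structure are hypothetical,
 * not Libreswan source. */
#define NOTIFY_INVALID_SPI 11 /* IKEv2 notify type (RFC 7296) */

enum reply_result { REPLY_SENT, REPLY_ASSERT_FAILED, REQUEST_REJECTED };

struct notify { uint8_t protocol_id; uint16_t type; };

/* The two IPsec protocol IDs (ESP and AH) are 2 and 3; 0 and 1 are not. */
static bool is_ipsec_protocol(uint8_t id) { return id == 2 || id == 3; }

/* Stand-in for the outgoing-packet verifier. In the daemon a failed
 * assertion aborts the process; here it is reported as a result code. */
static enum reply_result emit_notify(const struct notify *n)
{
    return is_ipsec_protocol(n->protocol_id) ? REPLY_SENT : REPLY_ASSERT_FAILED;
}

/* Flawed pattern: the protocol ID is echoed from the peer unchecked. */
enum reply_result reply_invalid_spi_unchecked(uint8_t incoming_protocol_id)
{
    struct notify n = { incoming_protocol_id, NOTIFY_INVALID_SPI };
    return emit_notify(&n);
}

/* Hardened pattern (assumed fix shape): validate at the input boundary so
 * the outgoing invariant can never be violated by peer-supplied data. */
enum reply_result reply_invalid_spi_checked(uint8_t incoming_protocol_id)
{
    if (!is_ipsec_protocol(incoming_protocol_id))
        return REQUEST_REJECTED; /* handled as a protocol error, no echo */
    struct notify n = { incoming_protocol_id, NOTIFY_INVALID_SPI };
    return emit_notify(&n);
}

int main(void)
{
    for (uint8_t id = 0; id <= 3; id++)
        printf("proto %u: unchecked=%d checked=%d\n", (unsigned)id,
               reply_invalid_spi_unchecked(id), reply_invalid_spi_checked(id));
    return 0;
}
```

The general lesson is that an assertion is only safe on values the program itself controls; anything copied from a network peer needs an explicit check and error path before it reaches the asserted invariant.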
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 10 packages
Vulnerability Details (3)
Vendor Advisories (3)
Microsoft (2023-08-08): An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1 an error notify INVALID_SPI is sent back. The notify payloa...
Debian (2023): CVE-2023-38710: libreswan - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY p...