CVE-2023-38712 — NULL Pointer Dereference in Libreswan

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 86.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

9

Libreswan Debian Libreswan Msrc Azl3 Libreswan 4.7-6 ON Azure Linux 3.0 +6 more

Timeline

PublishedAug 25

Description

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

▶debiandebian/libreswan< libreswan 4.12-1 (forky)

▶NVDlibreswan/libreswan3.0 — 4.0+1

▶Debianlibreswan/libreswan< 4.12-1+1

▶msrcmsrc/azl3_libreswan_4.7-6_on_azure_linux_3.0

▶msrcmsrc/azl3_libreswan_4.7-7_on_azure_linux_3.0

🔴Vulnerability Details

2

GHSA

GHSA-65xr-g9j5-jv8g: An issue was discovered in Libreswan 3↗2023-08-25

▶

OSV

CVE-2023-38712: An issue was discovered in Libreswan 3↗2023-08-25

▶

📋Vendor Advisories

3

Red Hat

libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart↗2023-08-08

▶

Microsoft

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP↗2023-08-08

▶

Debian

CVE-2023-38712: libreswan - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAK...↗2023

▶