ID CVE-2023-38711
Summary An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
References
Vulnerable Configurations
  • cpe:2.3:a:libreswan:libreswan:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.8:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.9-1.el8:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.9-1.el8:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.9-1.el9:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.9-1.el9:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.10:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:4.11:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:4.11:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 12-12-2023 - 13:52
Published 25-08-2023 - 21:15
Last modified 12-12-2023 - 13:52
Back to Top