CVE-2024-3652 – IKEv1 default AH/ESP responder can cause libreswan to abort and restart
https://notcve.org/view.php?id=CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. Se notificó a Libreswan Project sobre un problema que provocaba que libreswan se reiniciara al usar IKEv1 sin especificar una línea esp=. Cuando el par solicita AES-GMAC, el controlador de propuestas predeterminado de libreswan provoca un error de aserción, falla y se reinicia. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-404: Improper Resource Shutdown or Release CWE-617: Reachable Assertion •
CVE-2023-38712 – libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
https://notcve.org/view.php?id=CVE-2023-38712
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga útil Delete/Notify seguida de más Notifies que actúan sobre el ISAKMP SA, como un mensaje Delete/Notify duplicado, una desviación de puntero NULL en el estado eliminado hace que el demonio pluto se bloquee y se reinicie. A NULL pointer dereference vulnerability was found in the Libreswan package. • https://github.com/libreswan/libreswan/tags https://libreswan.org/security/CVE-2023-38712 https://access.redhat.com/security/cve/CVE-2023-38712 https://bugzilla.redhat.com/show_bug.cgi?id=2225369 • CWE-476: NULL Pointer Dereference •
CVE-2023-38710 – libreswan: Invalid IKEv2 REKEY proposal causes restart
https://notcve.org/view.php?id=CVE-2023-38710
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. Se ha descubierto un problema en Libreswan anterior a 4.12. • https://github.com/libreswan/libreswan/tags https://libreswan.org/security/CVE-2023-38710 https://access.redhat.com/security/cve/CVE-2023-38710 https://bugzilla.redhat.com/show_bug.cgi?id=2225368 • CWE-617: Reachable Assertion •
CVE-2020-1763 – libreswan: DoS attack via malicious IKEv1 informational exchange message
https://notcve.org/view.php?id=CVE-2020-1763
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paquetes IKEv1 Informational Exchange especialmente diseñados. El demonio reaparece después del bloqueo. An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. • https://bugzilla.redhat.com/show_bug.cgi?id=1813329 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt https://security.gentoo.org/glsa/202007-21 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://www.debian.org/security/2020/dsa-4684 https://access.redh • CWE-125: Out-of-bounds Read •
CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las claves de integridad y cifrado IKE SA establecidas, pero como receptor, el valor de verificación de integridad no se verificó. Este problema afecta a las versiones anteriores a 3.29. A vulnerability was found in the Libreswan Project. • https://access.redhat.com/errata/RHSA-2019:3391 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS https://access.redhat.com/security/cve/CVE-2019-10155 https://bugzilla.redhat.com/show_bug.cgi?id=1714141 • CWE-354: Improper Validation of Integrity Check Value •