CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3652 – IKEv1 default AH/ESP responder can cause libreswan to abort and restart
https://notcve.org/view.php?id=CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. Se notificó a Libreswan Project sobre un problema que provocaba que libreswan se reiniciara al usar IKEv1 sin especificar una línea esp=. Cuando el par solicita AES-GMAC, el controlador de propuestas predeterminado de libreswan provoca un error de aserción, falla y se reinicia. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38710 – libreswan: Invalid IKEv2 REKEY proposal causes restart
https://notcve.org/view.php?id=CVE-2023-38710
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. Se ha descubierto un problema en Libreswan anterior a 4.12. • https://github.com/libreswan/libreswan/tags https://libreswan.org/security/CVE-2023-38710 https://access.redhat.com/security/cve/CVE-2023-38710 https://bugzilla.redhat.com/show_bug.cgi?id=2225368 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38712 – libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart
https://notcve.org/view.php?id=CVE-2023-38712
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga útil Delete/Notify seguida de más Notifies que actúan sobre el ISAKMP SA, como un mensaje Delete/Notify duplicado, una desviación de puntero NULL en el estado eliminado hace que el demonio pluto se bloquee y se reinicie. A NULL pointer dereference vulnerability was found in the Libreswan package. • https://github.com/libreswan/libreswan/tags https://libreswan.org/security/CVE-2023-38712 https://access.redhat.com/security/cve/CVE-2023-38712 https://bugzilla.redhat.com/show_bug.cgi?id=2225369 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30570 – libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
https://notcve.org/view.php?id=CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. • https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt https://access.redhat.com/security/cve/CVE-2023-30570 https://bugzilla.redhat.com/show_bug.cgi?id=2187165 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1763 – libreswan: DoS attack via malicious IKEv1 informational exchange message
https://notcve.org/view.php?id=CVE-2020-1763
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paquetes IKEv1 Informational Exchange especialmente diseñados. El demonio reaparece después del bloqueo. An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. • https://bugzilla.redhat.com/show_bug.cgi?id=1813329 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt https://security.gentoo.org/glsa/202007-21 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://www.debian.org/security/2020/dsa-4684 https://access.redh • CWE-125: Out-of-bounds Read •