CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3652 – IKEv1 default AH/ESP responder can cause libreswan to abort and restart
https://notcve.org/view.php?id=CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. Se notificó a Libreswan Project sobre un problema que provocaba que libreswan se reiniciara al usar IKEv1 sin especificar una línea esp=. Cuando el par solicita AES-GMAC, el controlador de propuestas predeterminado de libreswan provoca un error de aserción, falla y se reinicia. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-617: Reachable Assertion •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2357 – IKEv2 misconfiguration can cause libreswan to abort and restart
https://notcve.org/view.php?id=CVE-2024-2357
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. Se notificó a Libreswan Project sobre un problema que causaba que libreswan se reiniciara en algunos escenarios de retransmisión de IKEv2 cuando una conexión está configurada para usar PreSharedKeys (authby=secret) y la conexión no puede encontrar un secreto configurado coincidente. Cuando dicha conexión se agrega automáticamente al inicio usando la palabra clave auto=, puede causar fallas repetidas que conducen a una denegación de servicio. A flaw was found in Libreswan. • https://libreswan.org/security/CVE-2024-2357 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJZJYFHKBIJ4ZK5GAWWFFR3AKJS6O5JX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR https://access.redhat.com/security/cve/CVE-2024-2357 https://bugzilla.redhat.com/show_bug.cgi?id=2268952 • CWE-400: Uncontrolled Resource Consumption •