oss-sec mailing list archives
libreswan: IKEv1 default AH/ESP responder can crash and restart
From: David Morel <david.morel () vates tech>
Date: Thu, 18 Apr 2024 10:01:41 +0200
Hello,

I noticed I missed a few CVEs on libreswan recently, as the project is not posting them here. I subscribed to their announce mailing list to monitor that for work, and thought I could try to follow and post them here when there are new things. That being said, here is the latest one:

Vulnerability information
=========================

The function compute_proto_keymat() did not handle unexpected proposals for which the keymat size is 0, such as AES-GMAC which can be used only with NULL encryption. The function ends up calling an assertion failure routine. No Remote Code Execution is possible.

- CVE-2024-3652
- Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
- Severity: Medium
- Vulnerable versions: libreswan 3.22 - 4.14
- Not vulnerable: libreswan 3.0 - 3.21, 4.15+, 5.0+

--
David Morel
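As an added illustration of the bug class described above (not libreswan's code, and not the post author's), the following hypothetical model shows a responder keying step that trips an assertion on a zero-size keymat proposal such as AES-GMAC with NULL encryption, next to a hardened shape that validates the negotiated proposal and rejects it cleanly instead. All names (struct proposal, model_passert, keymat_before_fix, keymat_after_fix) are assumptions for the example; the assertion is modelled as a counter rather than an abort so both variants can be exercised.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of an IKEv1 responder's keying step. It is NOT
 * libreswan's compute_proto_keymat(); struct and function names are
 * assumptions chosen to show the bug class in CVE-2024-3652. */
struct proposal {
    const char *encr;      /* encryption transform name, e.g. "NULL" */
    const char *integ;     /* integrity transform name, e.g. "AES-GMAC" */
    size_t keymat_bytes;   /* key material the pair needs; 0 for AES-GMAC + NULL */
};

/* Stand-in for the daemon's assertion routine. The real one aborts the
 * process (the "crash and restart" in the subject line); here it only
 * counts failures so the behaviour can be checked from a test. */
static int assertion_failures = 0;
static void model_passert(bool cond) { if (!cond) assertion_failures++; }

/* Before the fix: assumes every accepted proposal derives more than 0 key
 * bytes, so a peer offering a zero-keymat proposal reaches the assertion.
 * Returns the number of bytes written to out. */
static size_t keymat_before_fix(const struct proposal *p, uint8_t *out, size_t cap) {
    model_passert(p->keymat_bytes > 0);      /* fails when keymat size is 0 */
    size_t n = p->keymat_bytes < cap ? p->keymat_bytes : cap;
    memset(out, 0xAB, n);                    /* constructed stand-in for PRF output */
    return n;
}

/* After the fix (one hardened shape, an assumption): validate the negotiated
 * proposal up front and reject it, so unexpected input never reaches an
 * assertion and the responder keeps serving other peers.
 * Returns bytes written, or -1 when the proposal is rejected. */
static int keymat_after_fix(const struct proposal *p, uint8_t *out, size_t cap) {
    if (p->keymat_bytes == 0) {
        return -1;        /* reject: keymat size 0 is not a keyable proposal */
    }
    if (p->keymat_bytes > cap) {
        return -1;        /* reject rather than overrun the caller's buffer */
    }
    memset(out, 0xAB, p->keymat_bytes);      /* constructed stand-in for PRF output */
    return (int)p->keymat_bytes;
}
```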