libreswan: IKEv1 default AH/ESP responder can crash and restart

[David Morel <david.morel () vates tech>]

Hello,

I noticed I missed a few CVEs on libreswan recently as the project is
not posting them here, I subscribed to their announce mailing-list to
monitor that for work, and thought I could try to follow and post them
here when there are new things. That being said, here is the latest one:

Vulnerability information
=========================
The function compute_proto_keymat() did not handle unexpected proposals
for which the keymat size is 0, such as AES-GMAC which can be used only
with NULL encryption.  The function ends up calling an assertion failure
routine. No Remote Code Execution is possible.

- CVE-2024-3652
- Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
- Severity: Medium
- Vulnerable versions: libreswan 3.22 - 4.14
- Not vulnerable: libreswan 3.0 - 3.21, 4.15+, 5.0+

-- 
David Morel