CVE-2019-12312 - OpenCVE

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libreswan	Libreswan

Configuration 1 [-]

cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.iwantacve.cn/index.php/archives/218/	Exploit Third Party Advisory
https://github.com/libreswan/libreswan/compare/9b1394e...3897683	Patch Third Party Advisory
https://github.com/libreswan/libreswan/issues/246	Third Party Advisory
https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-24T13:06:41

Updated: 2019-06-06T18:51:42

Reserved: 2019-05-24T00:00:00

Link: CVE-2019-12312

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-24T14:29:00.230

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-12312

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T18:51:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.iwantacve.cn/index.php/archives/218/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libreswan/libreswan/issues/246"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12312", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.iwantacve.cn/index.php/archives/218/", "refsource": "MISC", "url": "http://www.iwantacve.cn/index.php/archives/218/"}, {"name": "https://github.com/libreswan/libreswan/issues/246", "refsource": "MISC", "url": "https://github.com/libreswan/libreswan/issues/246"}, {"name": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683", "refsource": "MISC", "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"}, {"name": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt", "refsource": "CONFIRM", "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"}, {"name": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch", "refsource": "CONFIRM", "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12312", "datePublished": "2019-05-24T13:06:41", "dateReserved": "2019-05-24T00:00:00", "dateUpdated": "2019-06-06T18:51:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB2BCF10-D602-48EA-8A16-5E1193989E4F", "versionEndExcluding": "3.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan."}, {"lang": "es", "value": "En Libreswan versi\u00f3n anterior a 3.28, un fallo de aserci\u00f3n puede llevar a un reinicio del componente pluto IKE daemon. Un atacante puede iniciar una desreferencia de puntero NULL enviando dos paquetes IKEv2 (init_IKE y delete_IKE) en modo 3des_cbc a un servidor Libreswan. Esto afecta a send_v2N_spi_response_from_state en pprograms/pluto/ikev2_send.c cuando se crea con Network Security Services (NSS)."}], "id": "CVE-2019-12312", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-24T14:29:00.230", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.iwantacve.cn/index.php/archives/218/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/compare/9b1394e...3897683"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/issues/246"}, {"source": "cve@mitre.org", "url": "https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt"}, {"source": "cve@mitre.org", "url": "https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}