CVE-2023-38712 - OpenCVE

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Libreswan	Libreswan

Configuration 1 [-]

OR	cpe:2.3:a:libreswan:libreswan::::::::
	cpe:2.3:a:libreswan:libreswan::::::::

References

Link	Resource
https://github.com/libreswan/libreswan/tags	Third Party Advisory
https://libreswan.org/security/CVE-2023-38712/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-25T00:00:00

Updated: 2023-08-25T20:31:56.483324

Reserved: 2023-07-24T00:00:00

Link: CVE-2023-38712

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-25T21:15:08.293

Modified: 2023-12-11T19:57:46.587

Link: CVE-2023-38712

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DF49694-9BD7-46A7-851B-F03CB49A9250", "versionEndExcluding": "4.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8923F14F-CAAA-402E-8549-8250C9CADA4A", "versionEndExcluding": "4.12", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."}, {"lang": "es", "value": "Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga \u00fatil Delete/Notify seguida de m\u00e1s Notifies que act\u00faan sobre el ISAKMP SA, como un mensaje Delete/Notify duplicado, una desviaci\u00f3n de puntero NULL en el estado eliminado hace que el demonio pluto se bloquee y se reinicie.\n"}], "id": "CVE-2023-38712", "lastModified": "2023-12-11T19:57:46.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T21:15:08.293", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/tags"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2023-38712/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}