{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38711", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T17:46:56.601Z", "dateReserved": "2023-07-24T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T20:30:07.355397"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libreswan/libreswan/tags"}, {"url": "https://libreswan.org/security/CVE-2023-38711/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T19:44:03.355698Z", "id": "CVE-2023-38711", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:44:10.044Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:56.601Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/libreswan/libreswan/tags", "tags": ["x_transferred"]}, {"url": "https://libreswan.org/security/CVE-2023-38711/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38711", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-07-22T19:44:10.044Z", "dateReserved": "2023-07-24T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T20:30:07.355397"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libreswan/libreswan/tags"}, {"url": "https://libreswan.org/security/CVE-2023-38711/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T19:44:03.355698Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T19:44:06.545Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5090A30-05D9-4501-9E86-FF1024BB2A0F", "versionEndExcluding": "4.12", "versionStartIncluding": "4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6."}, {"lang": "es", "value": "Se ha descubierto un problema en Libreswan anterior a 4.12. Cuando una conexi\u00f3n de modo r\u00e1pido IKEv1 configurada con ID_IPV4_ADDR o ID_IPV6_ADDR recibe una carga \u00fatil IDcr con ID_FQDN, una desviaci\u00f3n de puntero NULL provoca un bloqueo y reinicio del demonio pluto. NOTA: la primera versi\u00f3n afectada es la 4.6.\n"}], "id": "CVE-2023-38711", "lastModified": "2024-11-21T08:14:06.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T21:15:08.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/tags"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2023-38711/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/tags"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2023-38711/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7052", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:4.12-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6549", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreswan-0:4.12-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:10594", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-12-02T00:00:00Z"}, {"advisory": "RHSA-2025:0309", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreswan-0:4.9-5.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-14T00:00:00Z"}, {"advisory": "RHBA-2024:11565", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-01-02T00:00:00Z"}, {"advisory": "RHBA-2024:11505", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-01-02T00:00:00Z"}, {"advisory": "RHBA-2024:11525", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-01-02T00:00:00Z"}], "bugzilla": {"description": "libreswan: Invalid IKEv1 Quick Mode ID causes restart", "id": "2215952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215952"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.", "A NULL pointer dereference flaw was found in Libreswan when processing IKEv1 Quick Mode requests. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, it triggers a NULL pointer dereference error. This flaw allows a malicious client or attacker to send a malformed IKEv1 Quick Mode packet, causing a crash and restart of the libreswan pluto daemon. When sent continuously, this issue leads to a denial of service attack."], "name": "CVE-2023-38711", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38711\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38711\nhttps://github.com/libreswan/libreswan/releases/tag/v4.12\nhttps://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.txt"], "statement": "IKEv1 Quick Mode requests are only processed when received from authenticated peers, limiting the scope of possible attackers to peers who have successfully authenticated.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}