An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-42487 An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 13 Feb 2025 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
Redhat rhel Eus
CPEs cpe:/a:redhat:openshift:4.15::el9
cpe:/a:redhat:openshift:4.16::el9
cpe:/a:redhat:openshift:4.17::el9
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat openshift
Redhat rhel Eus

Mon, 02 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0
Vendors & Products Redhat rhel E4s

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-02T17:46:56.799Z

Reserved: 2023-07-24T00:00:00

Link: CVE-2023-38712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-25T21:15:08.293

Modified: 2024-11-21T08:14:06.427

Link: CVE-2023-38712

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-08-08T00:00:00Z

Links: CVE-2023-38712 - Bugzilla

cve-icon OpenCVE Enrichment

No data.