{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38712", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T17:46:56.799Z", "dateReserved": "2023-07-24T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T20:31:56.483324"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libreswan/libreswan/tags"}, {"url": "https://libreswan.org/security/CVE-2023-38712/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:56.799Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/libreswan/libreswan/tags", "tags": ["x_transferred"]}, {"url": "https://libreswan.org/security/CVE-2023-38712/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DF49694-9BD7-46A7-851B-F03CB49A9250", "versionEndExcluding": "4.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8923F14F-CAAA-402E-8549-8250C9CADA4A", "versionEndExcluding": "4.12", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart."}, {"lang": "es", "value": "Se ha descubierto un problema en Libreswan 3.x y 4.x antes de 4.12. Cuando un paquete IKEv1 ISAKMP SA Informational Exchange contiene una carga \u00fatil Delete/Notify seguida de m\u00e1s Notifies que act\u00faan sobre el ISAKMP SA, como un mensaje Delete/Notify duplicado, una desviaci\u00f3n de puntero NULL en el estado eliminado hace que el demonio pluto se bloquee y se reinicie.\n"}], "id": "CVE-2023-38712", "lastModified": "2024-11-21T08:14:06.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T21:15:08.293", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/tags"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2023-38712/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/tags"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2023-38712/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7052", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:4.12-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6549", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreswan-0:4.12-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:10594", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-12-02T00:00:00Z"}, {"advisory": "RHSA-2025:0309", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libreswan-0:4.9-5.el9_2.4", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-14T00:00:00Z"}, {"advisory": "RHBA-2024:11565", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-01-02T00:00:00Z"}, {"advisory": "RHBA-2024:11505", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-01-02T00:00:00Z"}, {"advisory": "RHBA-2024:11525", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "libreswan-0:4.6-3.el9_0.3", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-01-02T00:00:00Z"}], "bugzilla": {"description": "libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart", "id": "2225369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225369"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.", "A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state occurs. This flaw allows a malicious client or attacker to send a malformed IKEv1 Delete/Notify packet, causing a crash and restarting the libreswan pluto daemon. When sent continuously, this could lead to a denial of service attack."], "name": "CVE-2023-38712", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-38712\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38712\nhttps://github.com/libreswan/libreswan/releases/tag/v4.12\nhttps://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt"], "statement": "IKEv1 Delete/Notify requests are only processed when received from authenticated peers, limiting the scope of possible attackers to peers who have successfully authenticated.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}