CVE-2023-38712
Summary
| CVE | CVE-2023-38712 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-25 21:15:00 UTC |
| Updated | 2023-08-31 00:37:00 UTC |
| Description | An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. |
Risk And Classification
Problem Types: CWE-476
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Index of /security/CVE-2023-38712/ | MISC | libreswan.org | |
| Tags · libreswan/libreswan · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161115 Oracle Enterprise Linux Security Update for libreswan (ELSA-2023-6549)
- 161181 Oracle Enterprise Linux Security Update for libreswan (ELSA-2023-7052)
- 242396 Red Hat Update for libreswan (RHSA-2023:6549)
- 242409 Red Hat Update for libreswan (RHSA-2023:7052)
- 284426 Fedora Security Update for libreswan (FEDORA-2023-ddd6e6b49b)
- 284427 Fedora Security Update for libreswan (FEDORA-2023-dbc6d8a124)
- 356434 Amazon Linux Security Advisory for libreswan : ALAS2-2023-2299
- 379626 Alibaba Cloud Linux Security Update for libreswan (ALINUX3-SA-2024:0039)
- 506109 Alpine Linux Security Update for libreswan
- 907263 Common Base Linux Mariner (CBL-Mariner) Security Update for libreswan (28066-1)
- 941393 AlmaLinux Security Update for libreswan (ALSA-2023:6549)
- 941474 AlmaLinux Security Update for libreswan (ALSA-2023:7052)