Vulnerabilities > CVE-2023-38711 - NULL Pointer Dereference vulnerability in Libreswan

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

libreswan

CWE-476

NVD

Published: 2023-08-25

Updated: 2023-12-12

Summary

An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.

Vulnerable Configurations

Part	Description	Count
Application	Libreswan Libreswan Libreswan 4.6 Libreswan Libreswan 4.7 Libreswan Libreswan 4.8 Libreswan Libreswan 4.9 Libreswan Libreswan 4.9-1.El8 Libreswan Libreswan 4.9-1.El9 Libreswan Libreswan 4.10 Libreswan Libreswan 4.11	8

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/libreswan/libreswan/tags
https://libreswan.org/security/CVE-2023-38711/