NULL pointer dereference in libreswan - CVE-2026-14957
Published: July 18, 2026
libreswan
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper handling of a null return value in certificate public key extraction in programs/pluto/nss_cert_verify.c when processing a malformed X.509 CERT payload in FIPS mode. A remote attacker can send a specially crafted certificate payload to cause a denial of service.
Exploitation is only possible when the OS and libreswan are running in FIPS mode and at least one CA certificate is loaded. CERT payloads can be processed before peer authentication, and both IKEv1 and IKEv2 are affected.