NULL pointer dereference in libreswan - CVE-2026-14957

 

NULL pointer dereference in libreswan - CVE-2026-14957

Published: July 18, 2026


Vulnerability identifier: #VU138388
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-14957
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: libreswan.org
Affected software:
libreswan

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of a null return value in certificate public key extraction in programs/pluto/nss_cert_verify.c when processing a malformed X.509 CERT payload in FIPS mode. A remote attacker can send a specially crafted certificate payload to cause a denial of service.

Exploitation is only possible when the OS and libreswan are running in FIPS mode and at least one CA certificate is loaded. CERT payloads can be processed before peer authentication, and both IKEv1 and IKEv2 are affected.


How to mitigate CVE-2026-14957

Install security update from vendor's website.

Sources