Reachable assertion in libreswan

#VU88534 Reachable assertion in libreswan

Published: 2024-04-15 | Updated: 2024-04-23

Vulnerability identifier: #VU88534

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3652

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libreswan
Universal components / Libraries / Libraries used by multiple products

Vendor: libreswan.org

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the compute_proto_keymat() function when handling IKEv1 packets within the default AH/ESP responder. A remote authenticated user can send specially crafted packets to the server and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libreswan: 3.22 - 4.14

External links
http://libreswan.org/security/CVE-2024-3652
http://github.com/libreswan/libreswan/releases/tag/v4.15

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler update for libreswan

Denial of service in libreswan