First published: Mon Jun 19 2023
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libreswan | >=4.6, <4.12 | |
| redhat/libreswan | <4.12 | 4.12 |
CVE-2023-38711 is a vulnerability in Libreswan versions before 4.12 that can cause a crash and restart of the pluto daemon when an IKEv1 Quick Mode connection receives an IDcr payload with ID_FQDN.
The severity of CVE-2023-38711 is high, with a CVSS severity score of 7.5.
Libreswan versions from 4.6 up to, but not including, 4.12 are affected by CVE-2023-38711.
To fix CVE-2023-38711, update Libreswan to version 4.12 or later.
You can find more information about CVE-2023-38711 on the Libreswan GitHub page and the Libreswan security advisory page.