CVE-2023-38711

CVE-2023-38711

Name

CVE-2023-38711

Description

An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/libreswan/libreswan/tags
MISC	https://libreswan.org/security/CVE-2023-38711/

Type

URI

MISC

https://github.com/libreswan/libreswan/tags

MISC

https://libreswan.org/security/CVE-2023-38711/

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libreswan	edge-community	4.12-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
libreswan	3.22-community	4.12-r0	None	fixed
libreswan	3.21-community	4.12-r0	None	fixed
libreswan	3.20-community	4.12-r0	None	fixed
libreswan	3.19-community	4.12-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
libreswan	3.18-community	4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libreswan

edge-community

4.12-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

libreswan

3.22-community