CVE-2023-38711

Name
CVE-2023-38711
Description
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
NVD Severity
unknown

References

Type  URI
MISC  https://github.com/libreswan/libreswan/tags
MISC  https://libreswan.org/security/CVE-2023-38711/

Match rules

CPE URI                                        Source package  Min version  Max version
cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*  libreswan       >= 4.6       < 4.12

Vulnerable and fixed packages

Source package  Branch          Version  Maintainer                             Status
libreswan       3.18-community  4.11-r0  Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
libreswan       3.19-community  4.12-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed