CVE-2024-2357

Name
CVE-2024-2357
Description
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| vendor-advisory | https://libreswan.org/security/CVE-2024-2357 |
| d42dc95b-23f1-4e06-9076-20753a0fb0df | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJZJYFHKBIJ4ZK5GAWWFFR3AKJS6O5JX/ |
| d42dc95b-23f1-4e06-9076-20753a0fb0df | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/ |
| d42dc95b-23f1-4e06-9076-20753a0fb0df | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | libreswan | >= 3.0 | <= 4.1 |
| | libreswan | >= 4.2 | <= 4.12 |
| | libreswan | == 5.0 | == 5.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| libreswan | edge-community | 5.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| libreswan | 3.20-community | 5.0-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |