The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use pre-shared keys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libreswan | <= 4.10-2+deb12u1 | libreswan_4.10-2+deb12u1_all.deb |
Debian | 11 | all | libreswan | <= 4.3-1+deb11u4 | libreswan_4.3-1+deb11u4_all.deb |
Debian | 10 | all | libreswan | <= 3.27-6+deb10u1 | libreswan_3.27-6+deb10u1_all.deb |
Debian | 999 | all | libreswan | < 4.14-1 | libreswan_4.14-1_all.deb |
Debian | 13 | all | libreswan | < 4.14-1 | libreswan_4.14-1_all.deb |