Lucene search

K
redhatcveRedhat.comRH:CVE-2024-3652
HistoryApr 17, 2024 - 1:03 p.m.

CVE-2024-3652

2024-04-1713:03:32
redhat.com
access.redhat.com
20
libreswan
assertion failure issue
compute_proto_keymat
authenticated attacker
denial of service
ikev1
ah/esp
vulnerability
mitigation
algorithm list

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the compute_proto_keymat() function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an authenticated attacker to send the bogus AES-GMAC proposal request, triggering the issue and causing Libreswan to crash and restart. When this connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service. No remote code execution is possible.

Mitigation

An esp= line using a common IKEv1 algorithm list can be added to all IKEv1 based connections. An example of such an esp= line could be:

esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5  

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%