The Libreswan Project was notified of an issue that causes libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use pre-shared keys (authby=secret) and no matching configured secret can be found for that connection. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service.
[
{
"vendor": "The Libreswan Project (www.libreswan.org)",
"product": "libreswan",
"versions": [
{
"status": "unaffected",
"version": "3.0",
"versionType": "semver",
"lessThanOrEqual": "4.1"
},
{
"status": "affected",
"version": "4.2",
"versionType": "semver",
"lessThanOrEqual": "4.12"
},
{
"status": "unaffected",
"version": "5.0"
}
],
"defaultStatus": "unaffected"
}
]
libreswan.org/security/CVE-2024-2357
lists.fedoraproject.org/archives/list/[email protected]/message/EJZJYFHKBIJ4ZK5GAWWFFR3AKJS6O5JX/
lists.fedoraproject.org/archives/list/[email protected]/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/
lists.fedoraproject.org/archives/list/[email protected]/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/