CVE-2024-2357 IKEv2 misconfiguration can cause libreswan to abort and restart

2024-03-1119:39:03

libreswan

github.com

cve-2024-2357

ikev2

misconfiguration

libreswan

restart

presharedkeys

denial of service

AI Score

6.6

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.

CNA Affected

[
  {
    "vendor": "The Libreswan Project (www.libreswan.org)",
    "product": "libreswan",
    "versions": [
      {
        "status": "unaffected",
        "version": "3.0",
        "versionType": "semver",
        "lessThanOrEqual": "4.1"
      },
      {
        "status": "affected",
        "version": "4.2",
        "versionType": "semver",
        "lessThanOrEqual": "4.12"
      },
      {
        "status": "unaffected",
        "version": "5.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]