CVE-2023-38712
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38712
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38712.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-38712
- Related
- Published
- 2023-08-25T21:15:08Z
- Modified
- 2024-10-05T05:50:28.113989Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
- References
Affected packages
Debian:11 / libreswan
Package
- Name
- libreswan
- Purl
- pkg:deb/debian/libreswan?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / libreswan
Package
- Name
- libreswan
- Purl
- pkg:deb/debian/libreswan?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libreswan
Package
- Name
- libreswan
- Purl
- pkg:deb/debian/libreswan?arch=source
Git / github.com/libreswan/libreswan
Affected versions
debian/3.*
debian/3.18-1
debian/3.19-1
debian/3.19-2
debian/3.20-1
debian/3.20-2
debian/3.20-3
debian/3.20-4
debian/3.20-5
debian/3.20-6
debian/3.20-7
debian/3.21-1
debian/3.21_rc2-1
debian/3.21_rc5-1
v3.*
v3.0
v3.1
v3.10
v3.10dr1
v3.10rc1
v3.10rc2
v3.11
v3.11dr1
v3.12
v3.12rc1
v3.14
v3.14rc1
v3.14rc2
v3.14rc3
v3.15
v3.16
v3.16rc2
v3.16rc3
v3.17
v3.18
v3.18dr2
v3.18dr3
v3.19
v3.2
v3.20
v3.20dr3
v3.20dr4
v3.21
v3.21_rc2
v3.21_rc5
v3.21rc2
v3.21rc5
v3.22
v3.22dr1
v3.25
v3.26
v3.27
v3.28
v3.2rc1
v3.3
v3.30
v3.4
v3.5
v3.6
v3.7
v3.8
v3.9
v3.9rc1