CVE-2024-3652

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

References

Affected packages

Debian:11 / libreswan

Package

Name: libreswan
Purl: pkg:deb/debian/libreswan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3-1

4.3-1+deb11u1

4.3-1+deb11u3

4.3-1+deb11u4

4.5-1

4.5-2

4.6-1

4.7-1

4.9-1

4.9-2

4.10-1

4.10-2

4.11-1

4.12-1

4.12-2

4.12-3

4.14-1

4.14-1.1

4.15-1

5.*

5.0~rc2-1

5.0~rc2-2

5.2-1

5.2-2

5.2-2.1

5.2-2.2

Ecosystem specific

{
    "urgency": "end-of-life"
}

Debian:12 / libreswan

Package

Name: libreswan
Purl: pkg:deb/debian/libreswan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.10-2

4.10-2+deb12u1

4.11-1

4.12-1

4.12-2

4.12-3

4.14-1

4.14-1.1

4.15-1

5.*

5.0~rc2-1

5.0~rc2-2

5.2-1

5.2-2

5.2-2.1

5.2-2.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libreswan

Package

Name: libreswan
Purl: pkg:deb/debian/libreswan?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libreswan/libreswan

Affected ranges

Type: GIT
Repo: https://github.com/libreswan/libreswan
Events: Introduced

8c50902106b3c36e882ae5611155475c6f4c0222

Fixed

960fdc2d5f17cd049a56c257b738bb964cea3eb5

Affected versions

v3.*

v3.22

v3.25

v3.26

v3.27

v3.28

v3.30

v4.*

v4.0

v4.1

v4.10

v4.11

v4.12

v4.13

v4.13rc1

v4.14

v4.2

v4.3

v4.4

v4.5

v4.6

v4.7

v4.8

v4.9