Описание
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libreswan | fixed | 4.15-1 | package | |
| libreswan | end-of-life | bullseye | package |
Примечания
https://github.com/libreswan/libreswan/issues/1665
Fixed by: https://github.com/libreswan/libreswan/commit/5101913b1e623121a9222f11eefa18f0a2708b00 (v4.15)
Fixed by: https://github.com/libreswan/libreswan/commit/03caa63de1e34c29dd3e7e835070d363ca197bfd (v5.1)
Patch: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.patch
Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
EPSS
Связанные уязвимости
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
EPSS