#VU88534 Reachable assertion in libreswan - CVE-2024-3652


| Updated: 2024-04-23

Vulnerability identifier: #VU88534

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3652

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libreswan
Universal components / Libraries / Libraries used by multiple products

Vendor: libreswan.org

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the compute_proto_keymat() function when handling IKEv1 packets within the default AH/ESP responder. A remote authenticated user can send specially crafted packets to the server and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libreswan: 3.22 - 4.14

External links
https://libreswan.org/security/CVE-2024-3652
https://github.com/libreswan/libreswan/releases/tag/v4.15

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Junos Space update for third-party components
Anolis OS update for libreswan
Anolis OS update for libreswan
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
Multiple vulnerabilities in Juniper Secure Analytics (JSA)
Multiple vulnerabilities in IBM QRadar SIEM
Amazon Linux AMI update for libreswan
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16