CVE-2023-38711


An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.


Published: 2023-08-25T21:15:08.230

Last Modified: 2024-11-21T08:14:06.280

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-476

Affected Vendors & Products
Type        | Vendor    | Product   | Version/Range | Vulnerable?
Application | libreswan | libreswan | < 4.12        | Yes
