In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS).
Reference: https://github.com/libreswan/libreswan/issues/246
Upstream commit: https://github.com/libreswan/libreswan/compare/9b1394e...3897683
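The bug class described above is a notify response built from an IKE SA state that may not exist: a delete request for an SA that was never fully set up yields a NULL state pointer, and dereferencing it takes the whole daemon down. The following is an added example written for this page, not libreswan's code; the SA table, the function names (add_ike_sa, lookup_ike_sa, handle_delete) and the result codes are invented to model the pattern, and it does not reproduce the actual 3des_cbc/NSS trigger. It shows the defensive shape of the fix: look the state up, and when the lookup comes back empty, drop the packet instead of building a response from nothing.

```c
/* Hypothetical model of the bug class behind CVE-2019-12312 (not libreswan
 * code): a DELETE handler that must cope with an SA lookup returning NULL.
 * All names and the toy SA table below are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SA 4

struct ike_state {
    uint64_t spi_i;       /* initiator SPI */
    uint64_t spi_r;       /* responder SPI */
    int      established; /* 1 once the IKE SA is fully established */
};

/* Constructed toy SA table standing in for the daemon's state database. */
static struct ike_state sa_table[MAX_SA];
static int sa_count = 0;

/* Register a half-open SA (as after an initial exchange); returns its index. */
int add_ike_sa(uint64_t spi_i, uint64_t spi_r) {
    if (sa_count >= MAX_SA)
        return -1;
    sa_table[sa_count].spi_i = spi_i;
    sa_table[sa_count].spi_r = spi_r;
    sa_table[sa_count].established = 0;
    return sa_count++;
}

/* Mark an SA as established (models completion of the authentication step). */
void mark_established(int idx) {
    if (idx >= 0 && idx < sa_count)
        sa_table[idx].established = 1;
}

/* Returns NULL when no SA matches the SPI pair: the case an unchecked
 * response builder would dereference and crash on. */
struct ike_state *lookup_ike_sa(uint64_t spi_i, uint64_t spi_r) {
    for (int i = 0; i < sa_count; i++)
        if (sa_table[i].spi_i == spi_i && sa_table[i].spi_r == spi_r)
            return &sa_table[i];
    return NULL;
}

enum handle_result {
    HANDLED = 0,                 /* response built from a valid state */
    DROPPED_NO_STATE = 1,        /* no SA for these SPIs: packet dropped */
    DROPPED_NOT_ESTABLISHED = 2  /* SA exists but is not usable yet */
};

/* Hardened handler: refuse to build a notify response when there is no
 * state to build it from. The unchecked variant would read st->spi_r
 * unconditionally and dereference NULL for an unknown SA. */
enum handle_result handle_delete(uint64_t spi_i, uint64_t spi_r) {
    struct ike_state *st = lookup_ike_sa(spi_i, spi_r);
    if (st == NULL)
        return DROPPED_NO_STATE;          /* one bad packet must not restart the daemon */
    if (!st->established)
        return DROPPED_NOT_ESTABLISHED;   /* nothing to delete yet */
    printf("INFORMATIONAL DELETE response for SPI %llx/%llx\n",
           (unsigned long long)st->spi_i, (unsigned long long)st->spi_r);
    return HANDLED;
}

int main(void) {
    /* Constructed sequence: delete for an unknown SA, then for a half-open
     * one, then for an established one. */
    printf("unknown SA      -> %d\n", handle_delete(0x1111, 0x2222));
    int idx = add_ike_sa(0x1111, 0x2222);
    printf("half-open SA    -> %d\n", handle_delete(0x1111, 0x2222));
    mark_established(idx);
    printf("established SA  -> %d\n", handle_delete(0x1111, 0x2222));
    return 0;
}
```

The point of the model is the ordering: the state lookup result is validated before any field of it is used to construct a response, so a delete that arrives for an SA the responder never completed is logged and discarded rather than asserted on.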
Created strongswan tracking bugs for this issue: Affects: epel-all [bug 1716920]
Created libreswan tracking bugs for this issue: Affects: epel-6 [bug 1716921]
Created libreswan tracking bugs for this issue: Affects: fedora-all [bug 1716924]
Created strongswan tracking bugs for this issue: Affects: fedora-all [bug 1716925]
Correction: only version 3.27 is vulnerable. Versions older and later are not vulnerable. See https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
Why were strongswan bugs created for this? strongswan is not known to be vulnerable. We did not test it for this. The code involved in libreswan was never part of strongswan.
Upstream patch:
https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
(In reply to msiddiqu from comment #8)
> Upstream patch:
> https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
> https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt

This is for libreswan. The vulnerability report never mentions strongswan. Please reopen if you can show how strongswan is affected by this.