libreswan can crash and restart when it is acting as an IKEv1 responder with the default AH/ESP settings, when no esp= line is present in the connection configuration. The bug is triggered when, after IKEv1 authentication has succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is received containing a bogus AES-GMAC proposal. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. No Remote Code Execution is possible. IKEv2 connections are not vulnerable.

Vulnerable versions: libreswan 3.22 - 4.14

https://libreswan.org/security/CVE-2024-3652
https://github.com/libreswan/libreswan/issues/1665
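An audit sketch for the conditions in the description above, added here as an example and not taken from libreswan or the advisory: it lists connections that have no esp= line (directly or inherited from conn %default), reports their auto= value, and checks a version string against the stated 3.22 - 4.14 range. The sample configuration and all function names are constructed for illustration; the script does not determine whether a connection accepts IKEv1, and it does not follow also= references or option aliases.

```python
import re

VULN_MIN, VULN_MAX = (3, 22), (4, 14)  # affected range stated in the advisory

# Constructed sample configuration (documentation addresses), not from the page.
SAMPLE = """\
config setup
    logfile=/var/log/pluto.log

conn site-a
    right=198.51.100.7
    auto=start

conn site-b
    right=203.0.113.9
    esp=aes256-sha2_512
    auto=add
"""

def version_affected(version: str) -> bool:
    """True if a version string such as '4.12' falls within 3.22 - 4.14."""
    major, minor = (int(x) for x in re.match(r"(\d+)\.(\d+)", version).groups())
    return VULN_MIN <= (major, minor) <= VULN_MAX

def parse_conns(text: str) -> dict:
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)       # section header at column 0
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                        # e.g. "config setup" and its options
    return conns

def conns_without_esp(text: str) -> list:
    """List (name, auto) for conns with no esp= line, own or from %default."""
    conns = parse_conns(text)
    default = conns.pop("%default", {})
    merged = {n: {**default, **o} for n, o in conns.items()}
    return [(n, o.get("auto", "unset")) for n, o in merged.items() if "esp" not in o]

if __name__ == "__main__":
    print(conns_without_esp(SAMPLE), version_affected("4.12"))
```

Each reported connection still needs a manual check of whether it can be negotiated with IKEv1, since IKEv2 connections are not affected.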
Created libreswan tracking bugs for this issue:

Affects: fedora-all [bug 2275403]