When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a null pointer dereference on the deleted state causes the pluto daemon to crash and restart.
https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
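The failure mode described above, as an added example that is not pluto's code or the upstream patch: a simplified model of a payload loop in which a Delete frees the SA and any later payload in the same exchange must be skipped rather than applied to the deleted state. All type and function names here are hypothetical, and the payload sequence is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified model; these are not pluto's types or names. */
enum payload_type { PAYLOAD_DELETE, PAYLOAD_NOTIFY };
struct isakmp_sa { int notifies_seen; };
struct exchange_result { int handled, ignored, sa_deleted; };

/* Process the payloads of one Informational Exchange against *sa_ref.
 * A Delete frees the SA and clears the caller's reference, so every
 * later payload in the same message has no state left to act on. */
struct exchange_result process_informational(struct isakmp_sa **sa_ref,
                                             const enum payload_type *payloads,
                                             size_t count)
{
    struct exchange_result r = {0, 0, 0};
    for (size_t i = 0; i < count; i++) {
        if (*sa_ref == NULL) {
            /* Guard: without this check the branches below would
             * dereference NULL, which is the crash class described. */
            r.ignored++;
            continue;
        }
        switch (payloads[i]) {
        case PAYLOAD_DELETE:
            free(*sa_ref);
            *sa_ref = NULL;
            r.sa_deleted = 1;
            r.handled++;
            break;
        case PAYLOAD_NOTIFY:
            (*sa_ref)->notifies_seen++;
            r.handled++;
            break;
        }
    }
    return r;
}

/* Constructed input: Delete, a duplicated Delete, then a Notify. */
struct exchange_result demo_duplicate_delete(void)
{
    const enum payload_type payloads[] = { PAYLOAD_DELETE, PAYLOAD_DELETE, PAYLOAD_NOTIFY };
    struct isakmp_sa *sa = calloc(1, sizeof(*sa));
    return process_informational(&sa, payloads, 3);
}

int main(void)
{
    struct exchange_result r = demo_duplicate_delete();
    printf("handled=%d ignored=%d sa_deleted=%d\n", r.handled, r.ignored, r.sa_deleted);
    return 0;
}
```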
Vulnerable versions: libreswan 3.00 - 4.11
Not vulnerable: libreswan 4.12+
Vulnerable code was present from the first release of libreswan, i.e. libreswan v3.0 (likely the same vulnerability exists in all openswan versions).
This CVE has now been made public by upstream:
https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.patch
Created libreswan tracking bugs for this issue:
Affects: fedora-all [bug 2230238]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:6549 https://access.redhat.com/errata/RHSA-2023:6549
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:7052 https://access.redhat.com/errata/RHSA-2023:7052