libreswan can crash and restart when it is acting as an IKEv1 responder with AH/ESP default setting, when no esp= line is present in the connection configuration. The bug is triggered when after IKEv1 authentication has succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is received containing a bogus AES-GMAC proposal. When such a connection is automatically added on startup using the auto=keyword, it can cause repeated crashes leading to a Denial of Service. No Remote Code Execution is possible. IKEv2 connections are not vulnerable. Vulnerable versions : libreswan 3.22 - 4.14 https://libreswan.org/security/CVE-2024-3652 https://github.com/libreswan/libreswan/issues/1665
Created libreswan tracking bugs for this issue: Affects: fedora-all [bug 2275403]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:4050 https://access.redhat.com/errata/RHSA-2024:4050
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4200 https://access.redhat.com/errata/RHSA-2024:4200
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4377 https://access.redhat.com/errata/RHSA-2024:4377
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4376 https://access.redhat.com/errata/RHSA-2024:4376
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4417 https://access.redhat.com/errata/RHSA-2024:4417
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4431 https://access.redhat.com/errata/RHSA-2024:4431