The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.
libreswan.org/security/CVE-2024-2357
lists.fedoraproject.org/archives/list/[email protected]/message/EJZJYFHKBIJ4ZK5GAWWFFR3AKJS6O5JX/
lists.fedoraproject.org/archives/list/[email protected]/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/
lists.fedoraproject.org/archives/list/[email protected]/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/