Lucene search

Redhat.comRH:CVE-2024-3652

HistoryApr 17, 2024 - 1:03 p.m.

CVE-2024-3652

2024-04-1713:03:32

redhat.com

access.redhat.com

libreswan

assertion failure issue

compute_proto_keymat

authenticated attacker

denial of service

ikev1

ah/esp

vulnerability

mitigation

algorithm list

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A flaw was found in Libreswan, where it was identified to contain an assertion failure issue in the compute_proto_keymat() function. The vulnerability can be exploited when an IKEv1 connection is loaded with an AH/ESP default setting when no esp= line is present in the connection. This flaw allows an authenticated attacker to send the bogus AES-GMAC proposal request, triggering the issue and causing Libreswan to crash and restart. When this connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service. No remote code execution is possible.

Mitigation

An esp= line using a common IKEv1 algorithm list can be added to all IKEv1 based connections. An example of such an esp= line could be:

esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5

References

bugzilla.redhat.com/show_bug.cgi?id=2274448

libreswan.org/security/CVE-2024-3652

nvd.nist.gov/vuln/detail/CVE-2024-3652

www.cve.org/CVERecord?id=CVE-2024-3652