Veracode Vulnerability DatabaseVERACODE:22949Denial Of Service (DoS)
0.005 Low
EPSS
Percentile
75.4%
Libreswan is vulnerable to denial of services (DoS). The attack is due to lack of proper handling of memory, causing a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libreswan | eq | 3.27__9.el8 | |
| libreswan | eq | 3.27__9.el8 |
References
www.iwantacve.cn/index.php/archives/218/
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
access.redhat.com/errata/RHSA-2019:3391
access.redhat.com/security/cve/CVE-2019-12312
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1608353
bugzilla.redhat.com/show_bug.cgi?id=1679394
bugzilla.redhat.com/show_bug.cgi?id=1683706
bugzilla.redhat.com/show_bug.cgi?id=1699318
bugzilla.redhat.com/show_bug.cgi?id=1706180
bugzilla.redhat.com/show_bug.cgi?id=1712555
bugzilla.redhat.com/show_bug.cgi?id=1713734
bugzilla.redhat.com/show_bug.cgi?id=1714331
bugzilla.redhat.com/show_bug.cgi?id=1723957
github.com/libreswan/libreswan/compare/9b1394e...3897683
github.com/libreswan/libreswan/issues/246
libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
Related
