CVE-2023-38711

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 25, 2023

Updated: Dec 12, 2023

CWE ID 476

Summary

CVE-2023-38711 is a vulnerability affecting Libreswan versions prior to 4.12. When processing IKEv1 Quick Mode connections with ID_IPV4_ADDR or ID_IPV6_ADDR and receiving an IDcr payload containing ID_FQDN, Libreswan experiences a NULL pointer dereference, resulting in a crash and restart of the pluto daemon. This issue poses a potential denial-of-service risk and should be addressed by updating to a patched version. The earliest known affected version is 4.6.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Libreswan

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sGnbQe
https://www.cve.org/CVERecord?id=CVE-2023-38711
https://nvd.nist.gov/vuln/detail/CVE-2023-38711

Back to Vulnerability Database

CVE-2023-38711

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations