Back to search
CVE-2019-12312
Published: May 24, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.iwantacve.cn/index.php/archives/218/
x_refsource_MISC
https://github.com/libreswan/libreswan/issues/246
x_refsource_MISC
https://github.com/libreswan/libreswan/compare/9b1394e...3897683
x_refsource_MISC
https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now