CVE-2024-2357

EUVD-2024-27310
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Debian logo
Debian Releases
Debian Product
Codename
libreswan
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
forky
5.2-2.2
fixed
sid
5.2-2.3
fixed
trixie
5.2-2.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreswan
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
not-affected
plucky
not-affected
questing
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libreswan
RHEL 9
0:4.12-2.el9_4
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libreswan
Amazon Linux 2023
0:4.12-3.amzn2023.0.1
fixed
libreswan-debuginfo
Amazon Linux 2023
0:4.12-3.amzn2023.0.1
fixed
libreswan-debugsource
Amazon Linux 2023
0:4.12-3.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libreswan
Azure Linux 3.0
0:4.15-1.azl3
fixed