CVE-2024-3652

NameCVE-2024-3652
DescriptionThe Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1069194

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreswan (PTS)bullseye4.3-1+deb11u4vulnerable
bullseye (security)4.3-1+deb11u3vulnerable
bookworm4.10-2+deb12u1vulnerable
sid, trixie4.14-1.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libreswansourcebullseye(unfixed)end-of-life
libreswansource(unstable)(unfixed)1069194

Notes

[bullseye] - libreswan <end-of-life> (see #1072527)
https://github.com/libreswan/libreswan/issues/1665
Fixed by: https://github.com/libreswan/libreswan/commit/03caa63de1e34c29dd3e7e835070d363ca197bfd
Patch: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.patch
Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt

Search for package or bug name: Reporting problems