CVE-2023-38711

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 25, 2023
Updated: Dec 12, 2023
CWE ID 476

Summary

CVE-2023-38711 is a vulnerability affecting Libreswan versions prior to 4.12. When processing IKEv1 Quick Mode connections with ID_IPV4_ADDR or ID_IPV6_ADDR and receiving an IDcr payload containing ID_FQDN, Libreswan experiences a NULL pointer dereference, resulting in a crash and restart of the pluto daemon. This issue poses a potential denial-of-service risk and should be addressed by updating to a patched version. The earliest known affected version is 4.6.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share