Vulnerability DatabaseCVE-2023-38711
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-38711
August 25, 2023
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
Related ResourcesĀ (6)
https://access.redhat.com/security/cve/CVE-2023-38711
https://libreswan.org/security/CVE-2023-38711/
https://github.com/libreswan/libreswan/commit/23b712f747f1eca68595fcb0852fc248d3460e41
https://github.com/libreswan/libreswan/tags
https://bugzilla.redhat.com/show_bug.cgi?id=2215952
https://security-tracker.debian.org/tracker/CVE-2023-38711
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.06