Vulnerability Details CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.iwantacve.cn/index.php/archives/218/
- https://github.com/libreswan/libreswan/compare/9b1394e...3897683
- https://github.com/libreswan/libreswan/issues/246
- https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
- https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
- http://www.iwantacve.cn/index.php/archives/218/
- https://github.com/libreswan/libreswan/compare/9b1394e...3897683
- https://github.com/libreswan/libreswan/issues/246
- https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
- https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
Products affected by CVE-2019-12312
-
cpe:2.3:a:libreswan:libreswan:3.0
-
cpe:2.3:a:libreswan:libreswan:3.1
-
cpe:2.3:a:libreswan:libreswan:3.10
-
cpe:2.3:a:libreswan:libreswan:3.11
-
cpe:2.3:a:libreswan:libreswan:3.12
-
cpe:2.3:a:libreswan:libreswan:3.14
-
cpe:2.3:a:libreswan:libreswan:3.16
-
cpe:2.3:a:libreswan:libreswan:3.17
-
cpe:2.3:a:libreswan:libreswan:3.18
-
cpe:2.3:a:libreswan:libreswan:3.19
-
cpe:2.3:a:libreswan:libreswan:3.2
-
cpe:2.3:a:libreswan:libreswan:3.20
-
cpe:2.3:a:libreswan:libreswan:3.21
-
cpe:2.3:a:libreswan:libreswan:3.23
-
cpe:2.3:a:libreswan:libreswan:3.25
-
cpe:2.3:a:libreswan:libreswan:3.26
-
cpe:2.3:a:libreswan:libreswan:3.27
-
cpe:2.3:a:libreswan:libreswan:3.3
-
cpe:2.3:a:libreswan:libreswan:3.4
-
cpe:2.3:a:libreswan:libreswan:3.5
-
cpe:2.3:a:libreswan:libreswan:3.6
-
cpe:2.3:a:libreswan:libreswan:3.7
-
cpe:2.3:a:libreswan:libreswan:3.9