Bug 1146876 - (CVE-2019-12312) VUL-1: CVE-2019-12312: strongswan: libreswan: null-pointer dereference by sending two IKEv2 packets
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None; Severity: Normal
Assigned To: Madhu Mohan Nelemane
Security Team bot
https://smash.suse.de/issue/233755/
CVSSv3:SUSE:CVE-2019-12312:4.3:(AV:N/...
Reported: 2019-08-22 14:39 UTC by Wolfgang Frisch
Modified: 2020-06-08 19:15 UTC (History)
Found By: Security Response Team
Description Wolfgang Frisch 2019-08-22 14:39:12 UTC
CVE-2019-12312

In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS).

Reference:
https://github.com/libreswan/libreswan/issues/246

Upstream commit:
https://github.com/libreswan/libreswan/compare/9b1394e...3897683

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1716918
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12312
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12312.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12312
http://www.iwantacve.cn/index.php/archives/218/
https://github.com/libreswan/libreswan/compare/9b1394e...3897683
https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
https://github.com/libreswan/libreswan/issues/246

Comment 1 Wolfgang Frisch 2019-08-22 14:44:21 UTC
This CVE only affects libreswan.
Strongswan is not vulnerable.