CVE-2019-12312 – In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An …

Vuln ID: CVE-2019-12312

Published:  2019-05-24  14:29:00Z

Description: In Libreswan before 3.28, an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by sending two IKEv2 packets (init_IKE and delete_IKE) in 3des_cbc mode to a Libreswan server. This affects send_v2N_spi_response_from_state in programs/pluto/ikev2_send.c when built with Network Security Services (NSS).

Source: NVD.NIST.GOV

 

Tags