Description

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

INFO

Published Date :

2024-04-11T01:32:13.433Z

Last Modified :

2026-02-27T15:19:48.988Z

Source :

libreswan
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3652 vulnerability.

Vendors Products
Libreswan
  • Libreswan
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
REFERENCES

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact