
Release date: Monday, August 8, 2023
Contact: security@libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9

===========================================================================
CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
===========================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2023-38710/

The Libreswan Project was notified by "X1AOxiang" of an issue with receiving
a malformed IKEv2 REKEY packet would cause a crash and restart of the libreswan
pluto daemon. When sent continuously, this could lead to a denial of service attack.

Severity: Medium
Vulnerable versions : libreswan 3.20 - 4.11
Not vulnerable      : libreswan 3.0 - 3.19, 4.12+

Vulnerability information
=========================
When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number
of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's
protocol ID is copied from the incoming packet, but the code that verifies
outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3)
and causes the pluto daemon to crash and restart.

Exploitation
============
IKEv2 REKEY requests are only processed when received from authenticated peers,
limiting the scope of possible attackers to peers who have successfully
authenticated.

Workaround
==========
There is no workarounds, please apply the supplied patches or upgrade.

History
=======
* 2017 Vulnerable code introduced in libreswan 3.20
* 2023-06-07 Report received via Red Hat
* 2023-07-19 Prerelease of CVE notification and patches to support customers
* 2023-08-04 Release of patch and libreswan 4.12

Credits
=======
This vulnerability was found and reported by X1AOxiang to Red Hat. Thanks to
Daiki Ueno for contacting the Libreswan Project.

Upgrading
=========
To address this vulnerability, please upgrade to libreswan 4.12 or later.
For those who cannot upgrade, patches are provided at the above URL.


About libreswan (https://libreswan.org/)
========================================
Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of
openswan 2.6.38. IKE is used to establish IPsec VPN connections.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).

Patches
=======
Due to the size of the patches, it is not included inline to this advisory,
but are available at https://libreswan.org/security/CVE-2023-38710/

