Vulnerability Details : CVE-2019-12312
In Libreswan 3.27, an assertion failure can lead to a restart of the pluto IKE daemon. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c, which then dereferences a NULL pointer, leading to a restart of libreswan.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-12312
- cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12312
- 0.63%: Probability of exploitation activity in the next 30 days
- ~79%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12312
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-12312
- The product dereferences a pointer that it expects to be valid but is NULL. Assigned by: nvd@nist.gov (Primary)
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12312
- https://github.com/libreswan/libreswan/issues/246
  NULL pointer dereference and pluto daemon restart in Libreswan 3.27 · Issue #246 · libreswan/libreswan · GitHub (Third Party Advisory)
- https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
- https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
- https://github.com/libreswan/libreswan/compare/9b1394e...3897683
  Comparing 9b1394e...3897683 · libreswan/libreswan · GitHub (Patch; Third Party Advisory)
- http://www.iwantacve.cn/index.php/archives/218/
  CVE-2019-12312: NULL pointer dereference and IKE pluto daemon restart in Libreswan 3.27 - CVE中文申请站 (Exploit; Third Party Advisory)