NULL pointer dereference and pluto daemon restart in Libreswan 3.27 #246
Hello, I triggered a vulnerability while testing the Libreswan 3.27 IKEv2 server.
The pluto IKE daemon will restart (due to a NULL pointer dereference when built with NSS) when two IKEv2 packets, init_IKE and delete_IKE in 3des_cbc mode, are sent to the Libreswan server.
A detailed interactive process is as follows:
First, send the first init_IKE message to the server.
The server replies to the client with the init_IKE message.
Then send a delete_IKE message (encrypted) to the server.
The server tries to respond INVALID_IKE_SPI to the client, but an exception occurred while preparing to encrypt the message.
#### detailed packets
Looking forward to your reply, thank you.