Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 912176 (CVE-2023-38710, CVE-2023-38711, CVE-2023-38712) - <net-vpn/libreswan-4.12: DoS vulnerabilities
Summary: <net-vpn/libreswan-4.12: DoS vulnerabilities
Alias: CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on: 913538
  Show dependency tree
Reported: 2023-08-12 09:07 UTC by Hans de Graaff
Modified: 2023-09-18 05:39 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hans de Graaff gentoo-dev Security 2023-08-12 09:07:26 UTC
The Libreswan Project has released libreswan-4.12

This is a security release that addresses three minor CVEs and a bugfix:

CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
CVE-2023-38711: Invalid IKEv1 Quick Mode ID causes restart
CVE-2023-38712: Invalid IKEv1 repeat IKE SA delete causes crash and restart

All three CVEs require the peer has fully authenticated before the
malicious misformed payload can be send. Therefor, these CVEs mostly
affect remote access VPN services.

For details and patches see:
Comment 1 Hans de Graaff gentoo-dev Security 2023-08-12 09:10:22 UTC
commit 66adb119e97f4b2edb698e80cf5748ed2e99dec9
Author: Hans de Graaff <>
Date:   Fri Aug 11 08:58:26 2023 +0200

    net-vpn/libreswan: add 4.12
Comment 2 Larry the Git Cow gentoo-dev 2023-09-18 05:38:47 UTC
The bug has been referenced in the following commit(s):

commit 88e5a0367b8d1e16d517e9e27b9e2af435720ef1
Author:     Hans de Graaff <>
AuthorDate: 2023-09-18 05:38:17 +0000
Commit:     Hans de Graaff <>
CommitDate: 2023-09-18 05:38:44 +0000

    net-vpn/libreswan: drop 4.11
    Signed-off-by: Hans de Graaff <>

 net-vpn/libreswan/Manifest              |   1 -
 net-vpn/libreswan/libreswan-4.11.ebuild | 131 --------------------------------
 2 files changed, 132 deletions(-)