The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but the receiver did not verify the integrity check value. This issue affects versions before 3.29.
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libreswan | Libreswan | * | 3.29 (excluding) |
Strongswan | Strongswan | * | 5.0.0 (excluding) |
Openswan | Xelerance | * | * |
Red Hat Enterprise Linux 8 | RedHat | libreswan-0:3.29-6.el8 | * |
Libreswan | Ubuntu | bionic | * |
Libreswan | Ubuntu | cosmic | * |
Libreswan | Ubuntu | devel | * |
Libreswan | Ubuntu | disco | * |
Libreswan | Ubuntu | eoan | * |
Libreswan | Ubuntu | esm-apps/bionic | * |
Libreswan | Ubuntu | focal | * |
Libreswan | Ubuntu | groovy | * |
Libreswan | Ubuntu | hirsute | * |
Libreswan | Ubuntu | impish | * |
Libreswan | Ubuntu | jammy | * |
Libreswan | Ubuntu | kinetic | * |
Libreswan | Ubuntu | lunar | * |
Libreswan | Ubuntu | mantic | * |
Libreswan | Ubuntu | noble | * |
Libreswan | Ubuntu | oracular | * |
Libreswan | Ubuntu | trusty | * |
Libreswan | Ubuntu | upstream | * |