CVE-2024-3652

MEDIUM 6.5

IKEv1 default AH/ESP responder can cause libreswan to abort and restart

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

Vendor	the libreswan project (www.libreswan.org)
Product	libreswan
Published	Apr 11, 2024
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for the libreswan project (www.libreswan.org) libreswan

Be the first to know when new medium vulnerabilities affecting the libreswan project (www.libreswan.org) libreswan are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Libreswan Project (www.libreswan.org) / libreswan

3.22 ≤ 4.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

libreswan.org: https://libreswan.org/security/CVE-2024-3652 openwall.com: http://www.openwall.com/lists/oss-security/2024/04/18/2

Credits

github user X1AOxiang