Hello,

I noticed I missed a few CVEs on libreswan recently, as the project is not posting them here. I subscribed to their announce mailing list to monitor that for work, and thought I could try to follow and post them here when there are new things. That being said, here is the latest one:

Vulnerability information
=========================

The function compute_proto_keymat() did not handle unexpected proposals
for which the keymat size is 0, such as AES-GMAC which can be used only
with NULL encryption. The function ends up calling an assertion failure
routine. No Remote Code Execution is possible.

- CVE-2024-3652
- Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
- Severity: Medium
- Vulnerable versions: libreswan 3.22 - 4.14
- Not vulnerable: libreswan 3.0 - 3.21, 4.15+, 5.0+

-- 
David Morel
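
A first-pass triage check against the version ranges listed in the post above. This is an added example, not part of the original post or the libreswan advisory; the banner and package strings it parses are constructed samples whose format is an assumption, and the function names are hypothetical.

```python
import re

# Inclusive bounds copied from the advisory text: vulnerable 3.22 - 4.14,
# not vulnerable 3.0 - 3.21, 4.15+ and 5.0+.
FIRST_VULNERABLE = (3, 22)
LAST_VULNERABLE = (4, 14)
OLDEST_COVERED = (3, 0)   # the advisory says nothing about releases before 3.0

_BANNER_RE = re.compile(r"libreswan[\s\-_v]*(\d+)\.(\d+)", re.IGNORECASE)
_BARE_RE = re.compile(r"\s*v?(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor) from a banner, package name or bare version."""
    m = _BANNER_RE.search(text) or _BARE_RE.match(text)
    if not m:
        raise ValueError(f"no libreswan version found in {text!r}")
    # Compare as integers: as strings, "3.9" would sort after "3.22".
    return int(m.group(1)), int(m.group(2))


def classify(text):
    """Map a version string to the advisory's status for CVE-2024-3652."""
    version = parse_version(text)
    if version < OLDEST_COVERED:
        return "unknown"
    if FIRST_VULNERABLE <= version <= LAST_VULNERABLE:
        return "vulnerable"
    return "not vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs (assumed formats, not captured output).
    samples = [
        "Linux Libreswan 4.12 (XFRM) on 6.1.0",
        "libreswan-3.9-1",
        "libreswan-4.15-3",
        "Libreswan 5.0",
    ]
    for s in samples:
        # Distribution packages may carry backported fixes, so a
        # "vulnerable" result means "check the package changelog".
        print(f"{s!r}: {classify(s)}")
```
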
