======================================================================
CVE-2026-12413: IKEv2 Denial of Service via malformed fragmentation
======================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2026-12413

The Libreswan Project was notified of an issue when it receives an
invalidly formatted IKEv2 fragment causing the server to crash and
restart.  A continued stream of such packets would cause a denial
of service.

Severity: Medium
Vulnerable versions : 4.6 - 5.3
Not vulnerable      : 5.3.1 or later

Vulnerability details
=====================
The function reassemble_v2_incoming_fragments() would ignore unknown
outer payloads but still store these in a fixed size array
msg_digest.digest[PAYLIMIT]. An assertion is then used:

 	PASSERT(logger, md->digest_roof < elemsof(md->digest))

which should have been:

 	PASSERT(logger, md->digest_roof <= elemsof(md->digest))

The assertion causes the daemon to abort and restart. No RCE is possible.

Exploitation
============
Any configuration that allows IKEv2 connections that do not set
fragmentation=no are vulnerable. IKEv1 is not affected.


Workaround
==========
If fragmentation is not needed, fragmentation=no can be added to all IKEv2
configurations. If fragmentation is needed, no workaround is possible and
the above shown fix needs to be applied.

History
=======
* 16-06-2026 Libreswan was notified of the issue via security@libreswan.org.
* 16-06-2026 Advanced notice given to supported customers and distributions.
* 24-06-2026 Public announcement and release of libreswan 5.3.1.

Credits
=======
This vulnerability was found and reported by Hu Xinyao.

Upgrading
=========
To address this vulnerability, please upgrade to libreswan 5.3.1 or later.

Patches
=======
For those who cannot upgrade, patches for libreswan 4.15 and 5.3 are
available at: https://libreswan.org/security/CVE-2026-21413/

About libreswan (https://libreswan.org/)
========================================
Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of
openswan 2.6.38. IKE is used to establish IPsec VPN connections.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).


