CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2295 – libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2295
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. • https://access.redhat.com/errata/RHSA-2023:3107 https://access.redhat.com/errata/RHSA-2023:3148 https://access.redhat.com/security/cve/CVE-2023-2295 https://bugzilla.redhat.com/show_bug.cgi?id=2189777 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30570 – libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
https://notcve.org/view.php?id=CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. • https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt https://access.redhat.com/security/cve/CVE-2023-30570 https://bugzilla.redhat.com/show_bug.cgi?id=2187165 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-23009 – libreswan: remote DoS via crafted TS payload with an incorrect selector length
https://notcve.org/view.php?id=CVE-2023-23009
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service. • https://github.com/libreswan/libreswan/issues/954 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF https://www.debian.org/security/2023/dsa-5368 https://access.redhat.com/security/cve/CVE-2023-23009 https://bugzilla.redhat.com/show_bug.cgi?id=2173610 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2022-23094 – libreswan: Malicious IKEv1 packet can cause libreswan to restart
https://notcve.org/view.php?id=CVE-2022-23094
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. Libreswan versiones 4.2 hasta 4.5, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un paquete IKEv1 diseñado porque el archivo pluto/ikev1.c espera erróneamente que sea presentado un objeto de estado. Esto ha sido corregido en versión 4.6 A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon. • https://github.com/libreswan/libreswan/issues/585 https://libreswan.org/security/CVE-2022-23094 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP https://www.debian.org/security/2022/dsa-5048 https://access.redhat.com/security/cve/CVE-2022-23094 https://bugzilla.redhat.com/show_bug.cgi?id=2036898 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1763 – libreswan: DoS attack via malicious IKEv1 informational exchange message
https://notcve.org/view.php?id=CVE-2020-1763
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Un fallo de lectura de búfer fuera de límites fue detectado en el demonio pluto de libreswan versiones 3.27 hasta 3.31 donde, un atacante no autenticado podría usar este fallo para bloquear a libreswan mediante el envío de paquetes IKEv1 Informational Exchange especialmente diseñados. El demonio reaparece después del bloqueo. An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. • https://bugzilla.redhat.com/show_bug.cgi?id=1813329 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt https://security.gentoo.org/glsa/202007-21 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://www.debian.org/security/2020/dsa-4684 https://access.redh • CWE-125: Out-of-bounds Read •