CVE-2022-23094 – libreswan: Malicious IKEv1 packet can cause libreswan to restart

https://notcve.org/view.php?id=CVE-2022-23094

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. Libreswan versiones 4.2 hasta 4.5, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un paquete IKEv1 diseñado porque el archivo pluto/ikev1.c espera erróneamente que sea presentado un objeto de estado. Esto ha sido corregido en versión 4.6 A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon. • https://github.com/libreswan/libreswan/issues/585 https://libreswan.org/security/CVE-2022-23094 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP https://www.debian.org/security/2022/dsa-5048 https://access.redhat.com/security/cve/CVE-2022-23094 https://bugzilla.redhat.com/show_bug.cgi?id=2036898 • CWE-476: NULL Pointer Dereference •