CVE-2023-2295 – libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2295
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. • https://access.redhat.com/errata/RHSA-2023:3107 https://access.redhat.com/errata/RHSA-2023:3148 https://access.redhat.com/security/cve/CVE-2023-2295 https://bugzilla.redhat.com/show_bug.cgi?id=2189777 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-30570 – libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
https://notcve.org/view.php?id=CVE-2023-30570
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. • https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt https://access.redhat.com/security/cve/CVE-2023-30570 https://bugzilla.redhat.com/show_bug.cgi?id=2187165 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-23009 – libreswan: remote DoS via crafted TS payload with an incorrect selector length
https://notcve.org/view.php?id=CVE-2023-23009
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service. • https://github.com/libreswan/libreswan/issues/954 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF https://www.debian.org/security/2023/dsa-5368 https://access.redhat.com/security/cve/CVE-2023-23009 https://bugzilla.redhat.com/show_bug.cgi?id=2173610 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2022-23094 – libreswan: Malicious IKEv1 packet can cause libreswan to restart
https://notcve.org/view.php?id=CVE-2022-23094
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. Libreswan versiones 4.2 hasta 4.5, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un paquete IKEv1 diseñado porque el archivo pluto/ikev1.c espera erróneamente que sea presentado un objeto de estado. Esto ha sido corregido en versión 4.6 A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon. • https://github.com/libreswan/libreswan/issues/585 https://libreswan.org/security/CVE-2022-23094 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP https://www.debian.org/security/2022/dsa-5048 https://access.redhat.com/security/cve/CVE-2022-23094 https://bugzilla.redhat.com/show_bug.cgi?id=2036898 • CWE-476: NULL Pointer Dereference •