CVE-2023-2295
libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-26 CVE Reserved
- 2023-05-16 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:3107 | Third Party Advisory | |
| https://access.redhat.com/errata/RHSA-2023:3148 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2295 | 2023-05-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2189777 | 2023-05-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libreswan Search vendor "Libreswan" | Libreswan Search vendor "Libreswan" for product "Libreswan" | 4.9-1.el8 Search vendor "Libreswan" for product "Libreswan" and version "4.9-1.el8" | - |
Affected
| ||||||
| Libreswan Search vendor "Libreswan" | Libreswan Search vendor "Libreswan" for product "Libreswan" | 4.9-1.el9 Search vendor "Libreswan" for product "Libreswan" and version "4.9-1.el9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.8 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.8 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 9.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.8 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.8" | - |
Affected
| ||||||