CVE-2022-23094

Published: 15/01/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Libreswan 4.2 up to and including 4.5 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

Vulnerable Product

libreswan libreswan

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 10.0

Vendor Advisories

Synopsis: Moderate: OpenShift Container Platform 4743 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4743 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platfo ...

It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 packet, resulting in denial of service. For the stable distribution (bullseye), this problem has been fixed in version 43-1+deb11u1. We recommend that you upgrade your libreswan packages. For the detailed security status of libreswa ...