CVE-2023-23009

Published: 21/02/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Libreswan 4.9 allows remote malicious users to cause a denial of service (assert failure and daemon restart) via a crafted TS payload with an incorrect selector length.

Vulnerable Products

libreswan: libreswan 4.9

debian: debian linux 11.0

Vendor Advisories

Synopsis: Moderate: libreswan security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this updat ...
Debian Bug report logs - #1031821 libreswan: remote crash, CVE-2023-23009. Package: src:libreswan; Maintainer for src:libreswan is Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>; Date: Thu, 23 Feb 2023 13:45:01 UTC; Severity: normal; Tags: fixed-upstream, patch, secu ...
It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via malformed IKEv2 packets after peer authentication, resulting in denial of service. For the stable distribution (bullseye), this problem has been fixed in version 4.3-1+deb11u3. We recommend that you upgrade your libreswan packages. For the detailed se ...
Description: A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service.

Github Repositories

Ikepoke is a security testing tool for IKE endpoints with a focus on IKEv2.

ikepoke: Ikepoke is a security testing tool for IKE endpoints, which was developed as part of a master's thesis. Ikepoke's focus lies on IKEv2, but it does support sending IKEv1 main mode and aggressive mode phase 1 packets. Its main purpose is to perform (fast) scans on targets to find out which IKE transforms they offer for both IKEv1 and IKEv2. For IKEv2 it offers the tes ...