CVE-2023-2295

EUVD-2023-33801
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
libreswanlibreswan
4.9-1.el8
libreswanlibreswan
4.9-1.el9
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_server_aus
8.8
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_tus
8.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreswan
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:3107
https://access.redhat.com/errata/RHSA-2023:3148
https://access.redhat.com/security/cve/CVE-2023-2295
https://bugzilla.redhat.com/show_bug.cgi?id=2189777
https://access.redhat.com/errata/RHSA-2023:3107
https://access.redhat.com/errata/RHSA-2023:3148
https://access.redhat.com/security/cve/CVE-2023-2295
https://bugzilla.redhat.com/show_bug.cgi?id=2189777