CVE-2023-2295

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
libreswanlibreswan
4.9-1.el8
libreswanlibreswan
4.9-1.el9
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_server_aus
8.8
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_tus
8.8
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreswan
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:3107
https://access.redhat.com/errata/RHSA-2023:3148
https://access.redhat.com/security/cve/CVE-2023-2295
https://bugzilla.redhat.com/show_bug.cgi?id=2189777
https://access.redhat.com/errata/RHSA-2023:3107
https://access.redhat.com/errata/RHSA-2023:3148
https://access.redhat.com/security/cve/CVE-2023-2295
https://bugzilla.redhat.com/show_bug.cgi?id=2189777