Vulnerability Description
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libreswan | Libreswan | 4.9-1.el8 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.8 |
| Redhat | Enterprise Linux Server Aus | 8.8 |
| Redhat | Enterprise Linux Server Tus | 8.8 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:3107Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:3148Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2023-2295Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2189777Issue Tracking
- https://access.redhat.com/errata/RHSA-2023:3107Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:3148Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2023-2295Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2189777Issue Tracking
FAQ
What is CVE-2023-2295?
CVE-2023-2295 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not...
How severe is CVE-2023-2295?
CVE-2023-2295 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2295?
Check the references section above for vendor advisories and patch information. Affected products include: Libreswan Libreswan, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Tus.