{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-20T16:06:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://libreswan.org/security/CVE-2022-23094"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libreswan/libreswan/issues/585"}, {"name": "DSA-5048", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5048"}, {"name": "FEDORA-2022-a4bca77f88", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"}, {"name": "FEDORA-2022-42e0892147", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23094", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://libreswan.org/security/CVE-2022-23094", "refsource": "MISC", "url": "https://libreswan.org/security/CVE-2022-23094"}, {"name": "https://github.com/libreswan/libreswan/issues/585", "refsource": "MISC", "url": "https://github.com/libreswan/libreswan/issues/585"}, {"name": "DSA-5048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5048"}, {"name": "FEDORA-2022-a4bca77f88", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"}, {"name": "FEDORA-2022-42e0892147", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.512Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://libreswan.org/security/CVE-2022-23094"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libreswan/libreswan/issues/585"}, {"name": "DSA-5048", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5048"}, {"name": "FEDORA-2022-a4bca77f88", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"}, {"name": "FEDORA-2022-42e0892147", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23094", "datePublished": "2022-01-15T01:37:32", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2024-08-03T03:28:43.512Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "32DBE093-AC0F-44D8-928A-891291E794CD", "versionEndExcluding": "4.6", "versionStartIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6."}, {"lang": "es", "value": "Libreswan versiones 4.2 hasta 4.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un paquete IKEv1 dise\u00f1ado porque el archivo pluto/ikev1.c espera err\u00f3neamente que sea presentado un objeto de estado. Esto ha sido corregido en versi\u00f3n 4.6"}], "id": "CVE-2022-23094", "lastModified": "2023-11-07T03:44:04.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-15T02:15:06.547", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libreswan/libreswan/issues/585"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://libreswan.org/security/CVE-2022-23094"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5048"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0199", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:4.4-4.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-19T00:00:00Z"}, {"advisory": "RHSA-2022:0239", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "libreswan-0:4.3-6.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-24T00:00:00Z"}], "bugzilla": {"description": "libreswan: Malicious IKEv1 packet can cause libreswan to restart", "id": "2036898", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036898"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.", "A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon."], "mitigation": {"lang": "en:us", "value": "If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding the option ikev1-policy=drop to the \"config setup\" section of ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false.\nIf all remote peers are on static IP addresses, a firewall rule blocking UDP port 500 and 4500 can be installed to prevent attackers from sending packets to the pluto IKE daemon.\nIf peers appear on dynamic IP addresses and IKEv1 connections must be supported, then no workarounds are known, and libreswan must be updated or patched."}, "name": "CVE-2022-23094", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-11T05:49:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23094\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23094\nhttps://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt"], "threat_severity": "Important", "upstream_fix": "libreswan 4.6"}