{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-30570", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T14:28:51.952Z", "dateReserved": "2023-04-12T00:00:00", "datePublished": "2023-05-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.952Z"}, "title": "CVE Program Container", "references": [{"url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CFA1697-D667-487B-88A5-5368F50B5383", "versionEndIncluding": "4.10", "versionStartIncluding": "3.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28."}], "id": "CVE-2023-30570", "lastModified": "2023-06-03T04:12:44.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-29T00:15:09.820", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2122", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreswan-0:4.5-1.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2126", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "libreswan-0:3.29-7.el8_1.2", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2124", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libreswan-0:3.29-7.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2124", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "libreswan-0:3.29-7.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2124", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "libreswan-0:3.29-7.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2125", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "libreswan-0:4.3-6.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2123", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "libreswan-0:4.5-1.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2120", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libreswan-0:4.6-3.el9_1.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-04T00:00:00Z"}, {"advisory": "RHSA-2023:2121", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "libreswan-0:4.6-3.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-05-04T00:00:00Z"}], "bugzilla": {"description": "libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan", "id": "2187165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187165"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.", "A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible."], "name": "CVE-2023-30570", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreswan", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-30570\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30570\nhttps://libreswan.org/security/\nhttps://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"], "threat_severity": "Important"}