CVE-2023-2295 — Vulnetix

CVE-2023-2295 PUBLISHED CVSS 9.300000190734863 CRITICAL

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

EPSS 4.42% · 89.2th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

4.42%

89.2th percentile

Affected Products

Vendor	Product	Versions
redhat	enterprise_linux_eus	9.2, 8.8, 9.2
libreswan	libreswan	4.9-1.el8, 4.9-1.el9, 4.9-1.el8
redhat	enterprise_linux_server_tus	8.8, 8.8
redhat	enterprise_linux_server_aus	9.2, 8.8, 8.8
n/a	libreswan	Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2, Affects libreswan v4.9-1.el8 and libreswan v4.9-1.el9, Fixed in libreswan v4.9-3.el8_8 and libreswan v4.9-4.el9_2
redhat	enterprise_linux	8.0, 8.0, 9.0

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=2189777 (circl)
https://access.redhat.com/security/cve/CVE-2023-2295 (circl)
https://access.redhat.com/errata/RHSA-2023:3107 (circl)
https://access.redhat.com/errata/RHSA-2023:3148 (circl)

Timeline

May 17, 2023 CVE Published
May 18, 2023 EPSS Score
Jun 23, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Oct 11, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Dec 23, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Mar 5, 2024 EPSS Score
May 17, 2024 EPSS Score
Jun 22, 2024 EPSS Score
Jul 29, 2024 EPSS Score

References

Open in Interactive Console →