vulnerability

Red Hat OpenShift: CVE-2023-2295: libreswan: Regression of fixes in the Red Hat Enterprise Linux

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	2023-05-17	2025-01-10	2025-04-11

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

2023-05-17

Added

2025-01-10

Modified

2025-04-11

Description

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

Solution

linuxrpm-upgrade-libreswan

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today