#VU75709 Input validation error in libreswan


Published: 2023-05-04

Vulnerability identifier: #VU75709

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30570

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libreswan
Universal components / Libraries / Libraries used by multiple products

Vendor: libreswan.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of unsupported algorithms (such as DH2) when processing IKEv1 Aggressive Mode packets in libreswan pluto daemon. A remote attacker can send a specially crafted IKEv1 Aggressive Mode packet to the daemon and crash it.

Successful exploitation of the vulnerability requires that the libreswan pluto daemon is configured explicitly with "aggressive=yes" (or "aggrmode=yes") and accepts IKEv1 packets.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libreswan: 3.28 - 4.10

External links
http://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
http://github.com/libreswan/libreswan/releases/tag/v4.11

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Fedora 36 update for libreswan
Fedora 37 update for libreswan
Fedora 38 update for libreswan
openEuler update for libreswan
Multiple vulnerabilities in OpenShift Container Platform 4.13
Red Hat Enterprise Linux 9 update for libreswan
Red Hat Enterprise Linux 9 update for libreswan
Red Hat Enterprise Linux 9.0 Extended Update Support update for libreswan
Red Hat Enterprise Linux 8 update for libreswan
Red Hat Enterprise Linux 8.6 Extended Update Support update for libreswan