PT-2023-22795 · Libreswan+3 · Libreswan+3

Xu-Huai · Published 2023-05-03 · Updated 2025-01-14 · CVE-2023-30570

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Libreswan versions 3.28 through 4.10

Description: The issue allows for a denial of service, causing the daemon to crash due to responder SPI mishandling. This can be triggered via unauthenticated IKEv1 Aggressive Mode packets.

Recommendations: For versions 3.28 through 4.10, update to version 4.11 or later to resolve the issue.

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related identifiers

ALSA-2023:2122
ALSA-2023:3107
ALSA-2023:3148
AZL-26873
AZL-34934
CESA-2023_2122
CVE-2023-30570
MGASA-2024-0085
OESA-2023-1318
RHSA-2023:2120
RHSA-2023:2121
RHSA-2023:2122
RHSA-2023:2123
RHSA-2023:2124
RHSA-2023:2125
RHSA-2023:2126
RHSA-2023_2120
RHSA-2023_2122

Affected products

AlmaLinux
CentOS
Libreswan
Red Hat