{
  "threat_severity" : "Important",
  "public_date" : "2022-01-11T05:49:00Z",
  "bugzilla" : {
    "description" : "libreswan: Malicious IKEv1 packet can cause libreswan to restart",
    "id" : "2036898",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2036898"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.", "A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-01-19T00:00:00Z",
    "advisory" : "RHSA-2022:0199",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libreswan-0:4.4-4.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-01-24T00:00:00Z",
    "advisory" : "RHSA-2022:0239",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "libreswan-0:4.3-6.el8_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libreswan",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libreswan",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libreswan",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-23094\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23094\nhttps://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt" ],
  "name" : "CVE-2022-23094",
  "mitigation" : {
    "value" : "If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding the option ikev1-policy=drop to the \"config setup\" section of ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false.\nIf all remote peers are on static IP addresses, a firewall rule that blocks UDP ports 500 and 4500 from every source address other than those peers can be installed to prevent attackers from sending packets to the pluto IKE daemon.\nIf peers appear on dynamic IP addresses and IKEv1 connections must be supported, then no workarounds are known, and libreswan must be updated or patched.",
    "lang" : "en:us"
  },
  "csaw" : false
}