Bug 831042 (CVE-2022-23094)

Summary: <net-vpn/libreswan-4.6: Denial of service (CVE-2022-23094)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: graaff
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 834463    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-12 00:58:44 UTC
https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt:

```
The Libreswan Project was notified by github user "MyOzCam" of an
issue with receiving a malformed IKEv1 packet that crashed their
server. A malformed packet that is being rejected triggers a logging
action that causes a NULL pointer dereference leading to a crash of
the pluto daemon.

Vulnerable versions: libreswan 4.2 - 4.5
Not vulnerable     : libreswan 3.x, 4.0, 4.1 and 4.6+

Vulnerability information
=========================
A log message added in libreswan 4.2 assumes that an IKEv1 state is
created. In certain malformed packets, libreswan will attempt to log
this but mistakenly assumes there is a state object to use to display
the state object number. Some malformed packets are caught early enough
that no state object is created. The log routine lookup then results
in a NULL pointer dereference causing the libreswan IKE daemon to crash
and restart. This can happen when receiving malformed packets from an
IKE initiator using IKEv1 Main Mode or IKEv1 Aggressive Mode.


Exploitation
============
This vulnerability cannot be abused for remote code execution or an
authentication bypass. But by continuing to send these packets, a
denial of service attack against the libreswan IKE service is possible.
```
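The failure mode the quoted advisory describes, as an added illustration written for this page and not taken from libreswan's source: a packet is rejected by early header checks, so no state object exists, and a log call that unconditionally dereferences the state pointer crashes. The struct and function names (`ike_state`, `check_isakmp_hdr`, `log_reject_vulnerable`, `log_reject_safe`, `handle_packet`) and the particular header checks are assumptions made for the example; only the ISAKMP header layout (RFC 2408) and the Main Mode / Aggressive Mode exchange type values are real. The sample packets are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ISAKMP header layout (RFC 2408 section 3.1, 28 bytes). Constant names are mine. */
#define ISAKMP_HDR_LEN         28
#define ISAKMP_VERSION_1_0     0x10
#define ISAKMP_XCHG_MAIN       2   /* IKEv1 Main Mode (Identity Protection) */
#define ISAKMP_XCHG_AGGRESSIVE 4   /* IKEv1 Aggressive Mode */

struct isakmp_hdr {
    uint8_t  version;
    uint8_t  exchange_type;
    uint32_t message_id;
    uint32_t length;
};

/* Hypothetical stand-in for the daemon's per-exchange state object. */
struct ike_state {
    unsigned long long serialno;
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Early header checks. Returns NULL if the header is acceptable, otherwise a reason
   string. A rejected packet never reaches state creation, so the caller's state
   pointer stays NULL: this is the situation the advisory describes. */
static const char *check_isakmp_hdr(const uint8_t *pkt, size_t pkt_len, struct isakmp_hdr *h) {
    if (pkt_len < ISAKMP_HDR_LEN)
        return "short packet";
    h->version       = pkt[17];
    h->exchange_type = pkt[18];
    h->message_id    = be32(pkt + 20);
    h->length        = be32(pkt + 24);
    if (h->version != ISAKMP_VERSION_1_0)
        return "unsupported version";
    if (h->exchange_type != ISAKMP_XCHG_MAIN && h->exchange_type != ISAKMP_XCHG_AGGRESSIVE)
        return "unsupported exchange type";
    if (h->length != pkt_len)
        return "length mismatch";
    return NULL;
}

/* Buggy logging pattern: assumes a state object always exists. With st == NULL
   this dereferences a NULL pointer and the daemon crashes. */
static int log_reject_vulnerable(const struct ike_state *st, const char *reason,
                                 char *out, size_t out_len) {
    return snprintf(out, out_len, "#%llu: rejecting IKEv1 packet: %s",
                    st->serialno, reason);
}

/* Hardened pattern: a missing state is a legitimate situation and is logged as such. */
static int log_reject_safe(const struct ike_state *st, const char *reason,
                           char *out, size_t out_len) {
    if (st == NULL)
        return snprintf(out, out_len,
                        "rejecting IKEv1 packet before state creation: %s", reason);
    return snprintf(out, out_len, "#%llu: rejecting IKEv1 packet: %s",
                    st->serialno, reason);
}

/* Receive path. Returns 1 if the packet is accepted (a state is created), 0 if it
   is rejected. A one-line description of what happened is written to out. */
static int handle_packet(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len) {
    static unsigned long long next_serialno = 1;
    struct isakmp_hdr h;
    struct ike_state new_st;
    struct ike_state *st = NULL;      /* nothing allocated until the header passes */
    const char *reason = check_isakmp_hdr(pkt, pkt_len, &h);
    if (reason != NULL) {
        /* log_reject_vulnerable(st, ...) would segfault here because st is NULL */
        log_reject_safe(st, reason, out, out_len);
        return 0;
    }
    new_st.serialno = next_serialno++;
    st = &new_st;
    snprintf(out, out_len, "#%llu: accepted IKEv1 exchange type %u msgid %u",
             st->serialno, (unsigned)h.exchange_type, (unsigned)h.message_id);
    return 1;
}

/* Build a constructed 28-byte header for testing; cookies are left zero. */
static void build_test_hdr(uint8_t *buf, uint8_t exchange_type, uint32_t length_field) {
    memset(buf, 0, ISAKMP_HDR_LEN);
    buf[16] = 1;                      /* next payload: SA */
    buf[17] = ISAKMP_VERSION_1_0;
    buf[18] = exchange_type;
    buf[24] = (uint8_t)(length_field >> 24);
    buf[25] = (uint8_t)(length_field >> 16);
    buf[26] = (uint8_t)(length_field >> 8);
    buf[27] = (uint8_t)length_field;
}
```

The point of the example is the order of operations: validation that rejects a packet before any state exists is exactly the path where a log helper written for the normal case has no state to print, so any log or diagnostic routine that is reachable from an early-reject path needs to accept a NULL state. An unauthenticated initiator can hit this path at will, which is why a plain NULL dereference in a logging helper is enough for the denial of service the advisory describes.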
Comment 1 Hans de Graaff gentoo-dev Security 2022-01-12 06:54:02 UTC
4.6 has been added.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-12 20:59:49 UTC
Thank you! Please stabilize when ready.
Comment 3 Hans de Graaff gentoo-dev Security 2022-03-12 07:31:02 UTC
Cleanup done.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-12 22:22:21 UTC
Thanks!