CVE-2022-23094

Published: 15 January 2022

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: libreswan (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
hirsute    Ignored (reached end-of-life)
impish     Needs triage
jammy      Needs triage
trusty     Ignored (out of standard support)
upstream   Released (4.6-1)
xenial     Ignored (out of standard support)