CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.

References

Affected packages

Git / github.com/libreswan/libreswan

Affected ranges

Type

GIT

Repo

https://github.com/libreswan/libreswan

Events

Introduced

Last affected

394c823abbf8af6afaf6c9c71fb53fca775bfae7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.9"
        }
    ]
}

Affected versions

0.*

0.9.9

libreswan-0.*

libreswan-0.0.1

Other

pre_FreeBSD_merge_200607

v2.*

v2.5.01

v2.5.03

v2.6.01

v2.6.03

v2.6.07

v2.6.14

v2.6.15

v2.6.15dr2

v2.6.16

v2.6.16dr1

v2.6.16dr2

v2.6.16dr3

v2.6.16dr4

v2.6.16dr5

v2.6.18

v2.6.18rc1

v2.6.19

v2.6.20

v2.6.20bis

v2.6.20rc2

v2.6.21

v2.6.22dr1

v2.6.23

v2.6.23dr1

v2.6.24

v2.6.24rc2

v2.6.24rc3

v2.6.24rc4

v2.6.24rc5

v2.6.26

v2.6.26rc1

v2.6.27dr1

v2.6.28dr1

v2.6.29

v2.6.29rc2

v2.6.32

v2.6.32dr1

v2.6.32dr3

v2.6.32dr4

v2.6.32dr5

v2.6.32rc1

v2.6.32rc3

v2.6.32rc5

v2.6.32rc6

v2.6.32rc7

v2.6.32rc8

v2.6.32rc9

v2.6.33dr2

v2.6.33rc1

v2.6.34

v2.6.34dr1

v2.6.34dr2

v2.6.34rc1

v2.6.34rc2

v2.6.34rc5

v2.6.34rc6

v2.6.35dr1

v2.6.36

v2.6.36dr1

v2.6.36rc1

v2.6.37

v2.6.38

v2.6.38dr2

v2.6.38rc1

v2.6.38rc2

v2.92

v2.93

v3.*

v3.1

v3.11dr1

v3.14

v3.14rc2

v3.14rc3

v3.16

v3.16rc2

v3.16rc3

v3.17

v3.18

v3.18dr2

v3.19

v3.20

v3.20dr3

v3.20dr4

v3.21

v3.21rc5

v3.22

v3.22dr1

v3.25

v3.26

v3.27

v3.28

v3.2rc1

v3.3

v3.30

v3.4

v3.5

v3.6

v3.7

v4.*

v4.0

v4.1

v4.2

v4.3

v4.4

v4.5

v4.6

v4.7

v4.8

v4.9

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23009.json"