Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Libreswan 安全漏洞
Vulnerability Description
Libreswan是一个类似于Openswan的IPsec实现,它主要用于保证数据传输中的安全性、完整性问题。 Libreswan存在安全漏洞,该漏洞源于当仅使用不可接受的加密算法接收IKEv1攻击模式数据包并且未使用零响应者SPI发送响应数据包时,pluto守护进程状态机会崩溃。
CVSS Information
N/A
Vulnerability Type
N/A