NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Vulnerability roundup 111: libreswan-4.5: 1 advisory [7.5] #160669

Closed ckauhaus closed 2 years ago

ckauhaus commented 2 years ago

CVE details

CVE-2022-23094

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.


Scanned versions: nixos-unstable: 5aaed40d22f.

Cc @afranchuk Cc @rnhmjoj

rnhmjoj commented 2 years ago

Libreswan is already 4.6 in both 21.11 and unstable. The version you scanned is pretty old...

ckauhaus commented 2 years ago

Yes, the channel on Hydra was stuck.