First published: Tue Feb 21 2023(Updated: )
A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libreswan Libreswan | =4.9 | |
Debian Debian Linux | =11.0 | |
debian/libreswan | 3.27-6+deb10u1 4.3-1+deb11u4 4.3-1+deb11u3 4.10-2+deb12u1 4.12-1 | |
debian/libreswan | <=4.3-1<=4.7-1<=4.3-1+deb11u1<=4.9-1 | 4.9-2 4.10-1 4.3-1+deb11u3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-23009 is a vulnerability in Libreswan 4.9 that allows remote attackers to cause a denial of service by triggering an assert failure and daemon restart with a crafted TS payload.
CVE-2023-23009 affects Libreswan 4.9, leading to a denial of service issue.
CVE-2023-23009 has a severity rating of 6.5 (medium).
To fix CVE-2023-23009 on Debian Linux, update the libreswan package to version 4.3-1+deb11u3 or later.
You can find more information about CVE-2023-23009 at the following references: [link1], [link2], [link3].