OESA-2022-1738
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1738
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1738.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1738
- Upstream
- Published
- 2022-07-08T11:03:57Z
- Modified
- 2025-08-12T05:12:32.006400Z
- Summary
- libreswan security update
- Details
-
Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN.
Security Fix(es):
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.(CVE-2022-23094)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:22.03-LTS / libreswan
Package
- Name
- libreswan
- Purl
- pkg:rpm/openEuler/libreswan&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5-2.oe2203
Ecosystem specific
{
"aarch64": [
"libreswan-4.5-2.oe2203.aarch64.rpm",
"libreswan-debugsource-4.5-2.oe2203.aarch64.rpm",
"libreswan-help-4.5-2.oe2203.aarch64.rpm",
"libreswan-debuginfo-4.5-2.oe2203.aarch64.rpm"
],
"src": [
"libreswan-4.5-2.oe2203.src.rpm"
],
"x86_64": [
"libreswan-debugsource-4.5-2.oe2203.x86_64.rpm",
"libreswan-4.5-2.oe2203.x86_64.rpm",
"libreswan-debuginfo-4.5-2.oe2203.x86_64.rpm",
"libreswan-help-4.5-2.oe2203.x86_64.rpm"
]
}