{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2023/cve-2023-23009-els_os-almalinux9_2esu.json" } ], "tracking": { "current_release_date": "2026-04-19T11:59:40Z", "generator": { "date": "2026-04-19T11:59:40Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-23009-ELS_OS-ALMALINUX9.2ESU", "initial_release_date": "2023-02-21T16:15:00Z", "revision_history": [ { "date": "2023-02-21T16:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-10-08T17:53:30Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-10-30T10:45:33Z", "number": "3", "summary": "Update document" }, { "date": "2025-11-29T11:37:00Z", "number": "4", "summary": "Update document" }, { "date": "2025-12-23T19:08:30Z", "number": "5", "summary": "Update document" }, { "date": "2026-01-19T22:18:17Z", "number": "6", "summary": "Update document" }, { "date": "2026-04-19T11:59:40Z", "number": "7", "summary": "Update document" } ], "status": "final", "version": "7" }, "title": "Security update on CVE-2023-23009" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libreswan-0:4.9-4.el9_2.x86_64", "product": { "name": "libreswan-0:4.9-4.el9_2.x86_64", "product_id": "libreswan-0:4.9-4.el9_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/libreswan@4.9-4.el9_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64", "product": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64", "product_id": "libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libreswan@4.9-4.el9_2.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "product": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "product_id": "libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libreswan@4.9-4.el9_2.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "product": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "product_id": "libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libreswan@4.9-4.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "product": { "name": "libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "product_id": "libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libreswan@4.12-2.el9_2.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64" }, "product_reference": "libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64" }, "product_reference": "libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64" }, "product_reference": "libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libreswan-0:4.9-4.el9_2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.x86_64" }, "product_reference": "libreswan-0:4.9-4.el9_2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64" }, "product_reference": "libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-23009", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.x86_64" ], "under_investigation": [ "AlmaLinux-9.2:libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-23009" }, { "category": "external", "summary": "https://github.com/libreswan/libreswan/issues/954", "url": "https://github.com/libreswan/libreswan/issues/954" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF/" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5368", "url": "https://www.debian.org/security/2023/dsa-5368" } ], "release_date": "2023-02-21T16:15:00Z", "remediations": [ { "category": "no_fix_planned", "details": "Ignored due to low severity", "product_ids": [ "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.x86_64" ] }, { "category": "no_fix_planned", "details": "This issue only causes a temporary denial of service by crashing and automatically restarting the Libreswan IKE daemon during IKEv2 traffic‑selector parsing, with no confidentiality or integrity impact. Exploitation requires the attacker to reach the host’s IKE service and have low-level privileges in the exchange (e.g., act as a configured/authenticated peer), not merely send unauthenticated Internet traffic. Consequently, unless Libreswan is exposed to untrusted IKE peers, the practical risk is limited to transient VPN tunnel disruption and can be deprioritized.", "product_ids": [ "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.x86_64" ] }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:libreswan-0:4.12-2.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els3.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.tuxcare.els4.x86_64", "AlmaLinux-9.2:libreswan-0:4.9-4.el9_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }