A vulnerability was found in libreswan affecting libreswan 4.2 - 4.5, where a malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference leading to a crash of the pluto daemon.
Created libreswan tracking bugs for this issue:
Affects: fedora-all [bug 2040149]
Upstream patches: https://libreswan.org/security/CVE-2022-23094/
Note: all Fedora releases were fixed before this bug was created.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:0199 https://access.redhat.com/errata/RHSA-2022:0199
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:0239 https://access.redhat.com/errata/RHSA-2022:0239
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-23094