CVE-2008-4551

Severity

50%

Complexity

99%

Confidentiality

48%

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

StrongSwan strongSwan

First reported 16 years ago

2008-10-14 20:00:00

Last updated 13 years ago

2011-03-08 03:12:00

Affected Software

StrongSwan strongSwan 2.0.0

2.0.0

StrongSwan strongSwan 2.0.1

2.0.1

StrongSwan strongSwan 2.0.2

2.0.2

StrongSwan strongSwan 2.1.0

2.1.0

StrongSwan strongSwan 2.1.1

2.1.1

StrongSwan strongSwan 2.1.2

2.1.2

StrongSwan strongSwan 2.1.3

2.1.3

StrongSwan strongSwan 2.1.4

2.1.4

StrongSwan strongSwan 2.1.5

2.1.5

StrongSwan strongSwan 2.3.0

2.3.0

StrongSwan strongSwan 2.3.1

2.3.1

StrongSwan strongSwan 2.3.2

2.3.2

StrongSwan strongSwan 2.4.0

2.4.0

StrongSwan strongSwan 2.4.1

2.4.1

StrongSwan strongSwan 2.4.2

2.4.2

StrongSwan strongSwan 2.4.3

2.4.3

StrongSwan strongSwan 2.5.0

2.5.0

StrongSwan strongSwan 2.5.1

2.5.1

StrongSwan strongSwan 2.5.2

2.5.2

StrongSwan strongSwan 2.5.3

2.5.3

StrongSwan strongSwan 2.5.4

2.5.4

StrongSwan strongSwan 2.5.5

2.5.5

StrongSwan strongSwan 2.5.6

2.5.6

StrongSwan strongSwan 2.5.7

2.5.7

StrongSwan strongSwan 2.6.0

2.6.0

StrongSwan strongSwan 2.6.1

2.6.1

StrongSwan strongSwan 2.6.2

2.6.2

StrongSwan strongSwan 2.6.3

2.6.3

StrongSwan strongSwan 2.6.4

2.6.4

StrongSwan strongSwan 2.7.0

2.7.0

StrongSwan strongSwan 4.0.0

4.0.0

StrongSwan strongSwan 4.0.1

4.0.1

StrongSwan strongSwan 4.0.2

4.0.2

StrongSwan strongSwan 4.0.3

4.0.3

StrongSwan strongSwan 4.0.4

4.0.4

StrongSwan strongSwan 4.0.5

4.0.5

StrongSwan strongSwan 4.0.6

4.0.6

StrongSwan strongSwan 4.0.7

4.0.7

StrongSwan strongSwan 4.1.0

4.1.0

StrongSwan strongSwan 4.1.1

4.1.1

StrongSwan strongSwan 4.1.2

4.1.2

StrongSwan strongSwan 4.1.3

4.1.3

StrongSwan strongSwan 4.1.4

4.1.4

StrongSwan strongSwan 4.1.5

4.1.5

StrongSwan strongSwan 4.1.6

4.1.6

StrongSwan strongSwan 4.1.7

4.1.7

StrongSwan strongSwan 4.1.8

4.1.8

StrongSwan strongSwan 4.1.9

4.1.9

StrongSwan strongSwan 4.1.10

4.1.10

StrongSwan strongSwan 4.1.11

4.1.11

StrongSwan strongSwan 4.2.0

4.2.0

StrongSwan strongSwan 4.2.1

4.2.1

StrongSwan strongSwan 4.2.2

4.2.2

StrongSwan strongSwan 4.2.3

4.2.3

StrongSwan strongSwan 4.2.4

4.2.4

StrongSwan strongSwan 4.2.5

4.2.5

References

http://download.strongswan.org/CHANGES4.txt

http://labs.mudynamics.com/advisories/MU-200809-01.txt

31963

Vendor Advisory

31291

1020903

ADV-2008-2660

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.