CVE-2014-2891

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html "Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1. The latest release (5.1.3) is not affected."

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html "Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1. The latest release (5.1.3) is not affected."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

StrongSwan

First reported 11 years ago

2014-05-07 10:55:00

Last updated 6 years ago

2018-08-13 21:47:00

Affected Software

StrongSwan 5.0.0

5.0.0

StrongSwan 5.0.1

5.0.1

StrongSwan 5.0.2

5.0.2

StrongSwan 5.0.3

5.0.3

StrongSwan 5.0.4

5.0.4

StrongSwan strongSwan 5.1.0

5.1.0

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.