CVE-2014-9221

Severity

50%

Complexity

99%

Confidentiality

48%

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2015-01-07 19:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

StrongSwan strongSwan 4.5.0

4.5.0

StrongSwan strongSwan 4.5.1

4.5.1

StrongSwan strongSwan 4.5.2

4.5.2

StrongSwan strongSwan 4.5.3

4.5.3

StrongSwan strongSwan 4.6.0

4.6.0

StrongSwan strongSwan 4.6.1

4.6.1

StrongSwan strongSwan 4.6.2

4.6.2

StrongSwan strongSwan 4.6.3

4.6.3

StrongSwan 4.6.4

4.6.4

StrongSwan 5.0.0

5.0.0

StrongSwan 5.0.1

5.0.1

StrongSwan 5.0.2

5.0.2

StrongSwan 5.0.3

5.0.3

StrongSwan 5.0.4

5.0.4

StrongSwan strongSwan 5.1.0

5.1.0

StrongSwan strongSwan 5.1.1

5.1.1

StrongSwan strongSwan 5.1.2

5.1.2

StrongSwan strongSwan 5.1.3

5.1.3

StrongSwan 5.2.0

5.2.0

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 14.10

14.10

Fedora 21

21

Debian Linux 7.0

7.0

References

62083

62095

Permissions Required, Third Party Advisory

62663