The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote malicious users to cause a denial of service.
openbsd openbsd 2.7