Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2008-3651

Published: 13/08/2008 Updated: 13/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Ipsec Tools Racoon Daemon

Vulnerability Summary

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools prior to 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

Vulnerable Product Search on Vulmon Subscribe to Product

linux ipsec tools racoon daemon 0.2.5

linux ipsec tools racoon daemon 0.6

linux ipsec tools racoon daemon 0.7

linux ipsec tools racoon daemon 0.2.2

linux ipsec tools racoon daemon 0.6.4

linux ipsec tools racoon daemon 0.6.7

linux ipsec tools racoon daemon 0.3.3

linux ipsec tools racoon daemon 0.6.6

linux ipsec tools racoon daemon 0.5.2

linux ipsec tools racoon daemon 0.5.1

linux ipsec tools racoon daemon 0.6.5

linux ipsec tools racoon daemon 0.5

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2008-3651: memory leak
Debian Bug report logs - #495214 CVE-2008-3651: memory leak Package: ipsec-tools; Maintainer for ipsec-tools is ipsec-tools packagers <team+ipsec-tools@trackerdebianorg>; Source for ipsec-tools is src:ipsec-tools (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Fri, 15 Aug 2008 ...
Ubuntu Security Notice: ipsec-tools vulnerabilities
It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets If a remote attacker sent repeated malicious requests, the “racoon” key exchange server could allocate large amounts of memory, possibly leading to a denial of service ...

References

CWE-200http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2https://bugzilla.redhat.com/show_bug.cgi?id=456660http://sourceforge.net/project/shownotes.php?release_id=615380&group_id=74601http://www.mandriva.com/security/advisories?name=MDVSA-2008:181http://secunia.com/advisories/31450http://sourceforge.net/mailarchive/message.php?msg_name=20080724084529.GA3768%40zen.inchttp://www.securitytracker.com/id?1020667http://www.securityfocus.com/bid/30657http://www.redhat.com/support/errata/RHSA-2008-0849.htmlhttp://secunia.com/advisories/31624http://www.ubuntu.com/usn/usn-641-1http://secunia.com/advisories/32759http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlhttp://security.gentoo.org/glsa/glsa-200812-03.xmlhttp://secunia.com/advisories/32971http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://support.apple.com/kb/HT3549http://secunia.com/advisories/35074http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://www.vupen.com/english/advisories/2009/1297http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlhttp://support.apple.com/kb/HT3639http://www.vupen.com/english/advisories/2009/1621http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlhttp://www.vupen.com/english/advisories/2008/2844http://www.vupen.com/english/advisories/2008/2345https://exchange.xforce.ibmcloud.com/vulnerabilities/44395https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10453https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495214https://usn.ubuntu.com/641-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook