Openswan 2.6.29 up to and including 2.6.35 allows remote malicious users to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xelerance openswan 2.6.34 |
||
xelerance openswan 2.6.35 |
||
xelerance openswan 2.6.29 |
||
xelerance openswan 2.6.32 |
||
xelerance openswan 2.6.33 |
||
xelerance openswan 2.6.30 |
||
xelerance openswan 2.6.31 |