CVE-2008-4551 — Strongswan vulnerability

CWE-3994 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 20.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedOct 14

Latest updateMay 2

Description

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 4.2.4-5 (bookworm)

▶Debianstrongswan/strongswan< 4.2.4-5+3

▶NVDstrongswan/strongswan4.2.6+60

🔴Vulnerability Details

GHSA

GHSA-q36r-q874-43q3: strongSwan 4↗2022-05-02

▶

OSV

CVE-2008-4551: strongSwan 4↗2008-10-14

▶

📋Vendor Advisories

Debian

CVE-2008-4551: strongswan - strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of servic...↗2008

▶