CVE-2011-3380Openswan vulnerability

5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 32.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xelerance Openswan
Timeline
PublishedNov 17
Latest updateMay 14

Description

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDxelerance/openswan7 versions+6

Patches

Patch: www.openswan.orgPatch: www.openswan.org

🔴Vulnerability Details

1
GHSA
GHSA-57qx-7wcp-85w9: Openswan 22022-05-14

📋Vendor Advisories

1
Red Hat
openswan: IKE invalid key length allows remote unauthenticated user to crash openswan2011-10-05

💬Community

2
Bugzilla
CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan [fedora-all]2011-10-05
Bugzilla
CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan2011-09-28
CVE-2011-3380 — Xelerance Openswan vulnerability | cvebase