CVE-2014-2037 — Improper Input Validation in Openswan

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xelerance Openswan

Timeline

PublishedNov 26

Latest updateMay 14

Description

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDxelerance/openswan2.6.40

🔴Vulnerability Details

GHSA

GHSA-4v68-wgfw-m69v: Openswan 2↗2022-05-14

▶

💬Community

Bugzilla

CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart↗2014-01-08

▶