CVE-2014-9221 — Strongswan vulnerability

CWE-1910 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

6.9%

top 8.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan Canonical Ubuntu Linux +3 more

Timeline

PublishedJan 7

Latest updateMay 14

Description

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/strongswan< strongswan 5.2.1-5 (bookworm)

▶Debianstrongswan/strongswan< 5.2.1-5+3

▶NVDstrongswan/strongswan19 versions+18

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 7.0, Fedora 21, Ubuntu Linux 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-r7v4-h67j-q6qx: strongSwan 4↗2022-05-14

▶

OSV

CVE-2014-9221: strongSwan 4↗2015-01-07

▶

📋Vendor Advisories

Ubuntu

strongSwan vulnerability↗2015-01-05

▶

Red Hat

strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload↗2015-01-05

▶

Debian

CVE-2014-9221: strongswan - strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a d...↗2014

▶

💬Community

Bugzilla

CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload [epel-all]↗2015-03-25

▶

Bugzilla

CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload [epel-all]↗2015-01-05

▶

Bugzilla

CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload [fedora-all]↗2015-01-05

▶

Bugzilla

CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload↗2014-12-11

▶