CVE-2014-2037

Openswan 2.6.40 - Denial of Service via Malformed IKEv2 Packets

Title source: llm
STIX 2.1

Description

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/18/1
Vendor Advisory mailing-list x_refsource_mlist
https://lists.openswan.org/pipermail/users/2014-February/022898.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/20/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65629

Scores

EPSS 0.0243
EPSS Percentile 82.3%

Details

CWE
CWE-20
Status published
Products (1)
xelerance/openswan 2.6.40
Published Nov 26, 2014
Tracked Since Feb 18, 2026