CVE-2014-2037
Openswan 2.6.40 - Denial of Service via Malformed IKEv2 Packets
Title source: llmDescription
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/18/1
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.openswan.org/pipermail/users/2014-February/022898.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/20/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65629
Scores
EPSS
0.0243
EPSS Percentile
82.3%
Details
CWE
CWE-20
Status
published
Products (1)
xelerance/openswan
2.6.40
Published
Nov 26, 2014
Tracked Since
Feb 18, 2026