CVE-2009-0790

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:strongswan:strongswan:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.4.0a:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-04-01 10:30

Updated : 2019-07-29 14:24


NVD link : CVE-2009-0790

Mitre link : CVE-2009-0790


JSON object : View

Products Affected

strongswan

  • strongswan

xelerance

  • openswan
CWE
CWE-20

Improper Input Validation