CVE-2014-2891

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

Published: May 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2891
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
debian / strongswan	-	5.1.2.x
strongswan / strongswan	5.0.1	5.0.1.x
strongswan / strongswan	5.1.0	5.1.0.x
strongswan / strongswan	5.0.3	5.0.3.x
strongswan / strongswan	5.0.4	5.0.4.x
strongswan / strongswan	5.0.2	5.0.2.x
strongswan / strongswan	-	5.1.1.x
strongswan / strongswan	5.0.0	5.0.0.x

http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html
http://secunia.com/advisories/59864
http://www.debian.org/security/2014/dsa-2922
http://www.securityfocus.com/bid/67212
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html

Vulnerability Database

289,689

CVE-2014-2891