The IPsec implementation in Linux kernel before 2.6.25 allows remote
routers to cause a denial of service (crash) via a fragmented ESP packet in
which the first fragment does not contain the entire ESP header and IV.
Dirk Nehring discovered that the IPsec protocol stack did not correctly
handle fragmented ESP packets. A remote attacker could exploit this
to crash the system, leading to a denial of service.
Updated: 2015-10-17 03:29:04 UTC (commit 10086)