The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and
2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9,
allows remote attackers to cause a denial of service (daemon crash and
restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer
Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer
dereference related to inconsistent ISAKMP state and the lack of a phase2
state association in DPD.