CVE-2009-1957 in Ubuntu

CVE-2009-1957

Priority

Description

charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows
remote attackers to cause a denial of service (NULL pointer dereference and
crash) via an invalid IKE_SA_INIT request that triggers "an incomplete
state," followed by a CREATE_CHILD_SA request.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1957

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531612

Notes

Package

Source: strongswan (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.3.2-1.1ubuntu1)

Patches:

Upstream:

http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:37:39 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)