CVE-2009-1957

Priority
Medium
Description
charon/sa/ike_sa.c in the charon daemon in strongSwan before 4.3.1 allows
remote attackers to cause a denial of service (NULL pointer dereference and
crash) via an invalid IKE_SA_INIT request that triggers "an incomplete
state," followed by a CREATE_CHILD_SA request.
References
Bugs
Package
Upstream: needs-triage
Patches:
Upstream: http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch
More Information

Updated: 2017-12-14 19:45:41 UTC (commit 13907)