CVE-2009-1958 in Ubuntu

CVE-2009-1958

Priority

Description

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before
4.3.1 switches the NULL checks for TSi and TSr payloads, which allows
remote attackers to cause a denial of service via an IKE_AUTH request
without a (1) TSi or (2) TSr traffic selector.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1958

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531612

Notes

Package

Source: strongswan (LP Ubuntu Debian)

Upstream:	released (4.3.1)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.3.2-1)

Patches:

Upstream:

http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:37:39 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)