Vulnerability Details CVE-2014-9221
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.079
EPSS Ranking 91.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html
- http://secunia.com/advisories/62071
- http://secunia.com/advisories/62083
- http://secunia.com/advisories/62095
- http://secunia.com/advisories/62663
- http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html
- http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html
- http://www.debian.org/security/2015/dsa-3118
- http://www.securityfocus.com/bid/71894
- http://www.ubuntu.com/usn/USN-2450-1
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00054.html
- http://secunia.com/advisories/62071
- http://secunia.com/advisories/62083
- http://secunia.com/advisories/62095
- http://secunia.com/advisories/62663
- http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html
- http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html
- http://www.debian.org/security/2015/dsa-3118
- http://www.securityfocus.com/bid/71894
- http://www.ubuntu.com/usn/USN-2450-1
Products affected by CVE-2014-9221
-
cpe:2.3:a:strongswan:strongswan:4.5.0
-
cpe:2.3:a:strongswan:strongswan:4.5.1
-
cpe:2.3:a:strongswan:strongswan:4.5.2
-
cpe:2.3:a:strongswan:strongswan:4.5.3
-
cpe:2.3:a:strongswan:strongswan:4.6.0
-
cpe:2.3:a:strongswan:strongswan:4.6.1
-
cpe:2.3:a:strongswan:strongswan:4.6.2
-
cpe:2.3:a:strongswan:strongswan:4.6.3
-
cpe:2.3:a:strongswan:strongswan:4.6.4
-
cpe:2.3:a:strongswan:strongswan:5.0.0
-
cpe:2.3:a:strongswan:strongswan:5.0.1
-
cpe:2.3:a:strongswan:strongswan:5.0.2
-
cpe:2.3:a:strongswan:strongswan:5.0.3
-
cpe:2.3:a:strongswan:strongswan:5.0.4
-
cpe:2.3:a:strongswan:strongswan:5.1.0
-
cpe:2.3:a:strongswan:strongswan:5.1.1
-
cpe:2.3:a:strongswan:strongswan:5.1.2
-
cpe:2.3:a:strongswan:strongswan:5.1.3
-
cpe:2.3:a:strongswan:strongswan:5.2.0
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:fedoraproject:fedora:21
-
cpe:2.3:o:opensuse:opensuse:13.1
-
cpe:2.3:o:opensuse:opensuse:13.2