Lucene search
MitreCVE-2011-4073HistoryNov 17, 2011 - 7:55 p.m.
CVE-2011-4073
2011-11-1719:55:01
CWE-399
mitre
web.nvd.nist.gov
37
cve-2011-4073
use-after-free
openswan
cryptographic helper handler
denial of service
remote authentication
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
5.9
Confidence
Low
EPSS
0.01
Percentile
83.9%
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Affected configurations
Node
xeleranceopenswanMatch2.3.0
ORxeleranceopenswanMatch2.3.1
ORxeleranceopenswanMatch2.4.0
ORxeleranceopenswanMatch2.4.1
ORxeleranceopenswanMatch2.4.2
ORxeleranceopenswanMatch2.4.3
ORxeleranceopenswanMatch2.4.4
ORxeleranceopenswanMatch2.4.5
ORxeleranceopenswanMatch2.4.6
ORxeleranceopenswanMatch2.4.7
ORxeleranceopenswanMatch2.4.8
ORxeleranceopenswanMatch2.4.9
ORxeleranceopenswanMatch2.4.10
ORxeleranceopenswanMatch2.4.11
ORxeleranceopenswanMatch2.4.12
ORxeleranceopenswanMatch2.4.13
ORxeleranceopenswanMatch2.5.0
ORxeleranceopenswanMatch2.5.0sbs4
ORxeleranceopenswanMatch2.5.0sbs5
ORxeleranceopenswanMatch2.5.01
ORxeleranceopenswanMatch2.5.02
ORxeleranceopenswanMatch2.5.03
ORxeleranceopenswanMatch2.5.04
ORxeleranceopenswanMatch2.5.05
ORxeleranceopenswanMatch2.5.06
ORxeleranceopenswanMatch2.5.07
ORxeleranceopenswanMatch2.5.08
ORxeleranceopenswanMatch2.5.09
ORxeleranceopenswanMatch2.5.10
ORxeleranceopenswanMatch2.5.11
ORxeleranceopenswanMatch2.5.12
ORxeleranceopenswanMatch2.5.13
ORxeleranceopenswanMatch2.5.14
ORxeleranceopenswanMatch2.5.15
ORxeleranceopenswanMatch2.5.16
ORxeleranceopenswanMatch2.5.17
ORxeleranceopenswanMatch2.5.18
ORxeleranceopenswanMatch2.6.01
ORxeleranceopenswanMatch2.6.02
ORxeleranceopenswanMatch2.6.03
ORxeleranceopenswanMatch2.6.04
ORxeleranceopenswanMatch2.6.05
ORxeleranceopenswanMatch2.6.06
ORxeleranceopenswanMatch2.6.07
ORxeleranceopenswanMatch2.6.08
ORxeleranceopenswanMatch2.6.09
ORxeleranceopenswanMatch2.6.10
ORxeleranceopenswanMatch2.6.11
ORxeleranceopenswanMatch2.6.12
ORxeleranceopenswanMatch2.6.13
ORxeleranceopenswanMatch2.6.14
ORxeleranceopenswanMatch2.6.15
ORxeleranceopenswanMatch2.6.16
ORxeleranceopenswanMatch2.6.17
ORxeleranceopenswanMatch2.6.18
ORxeleranceopenswanMatch2.6.19
ORxeleranceopenswanMatch2.6.20
ORxeleranceopenswanMatch2.6.21
ORxeleranceopenswanMatch2.6.22
ORxeleranceopenswanMatch2.6.23
ORxeleranceopenswanMatch2.6.24
ORxeleranceopenswanMatch2.6.25
ORxeleranceopenswanMatch2.6.26
ORxeleranceopenswanMatch2.6.27
ORxeleranceopenswanMatch2.6.28
ORxeleranceopenswanMatch2.6.29
ORxeleranceopenswanMatch2.6.30
ORxeleranceopenswanMatch2.6.31
ORxeleranceopenswanMatch2.6.32
ORxeleranceopenswanMatch2.6.33
ORxeleranceopenswanMatch2.6.34
ORxeleranceopenswanMatch2.6.35
ORxeleranceopenswanMatch2.6.36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xelerance | openswan | 2.3.0 | cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:* |
| xelerance | openswan | 2.3.1 | cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.0 | cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.1 | cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.2 | cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.3 | cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.4 | cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.5 | cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.6 | cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.7 | cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:* |
References
Related
openvas
openvas
Fedora Update for openswan FEDORA-2011-15196
2012-04-02 00:00:00
CentOS Update for openswan CESA-2011:1422 centos5 x86_64
2012-07-30 00:00:00
RedHat Update for openswan RHSA-2011:1422-01
2011-11-03 00:00:00
cvelist
cvelist
CVE-2011-4073
2011-11-17 19:00:00
debian
debian
[BSA-061] Security Update for openswan
2012-01-02 20:07:53
[BSA-061] Security Update for openswan
2012-01-02 20:07:53
[SECURITY] [DSA 2374-1] openswan security update
2011-12-26 12:33:24
nessus
nessus
CentOS 5 : openswan (CESA-2011:1422)
2011-11-03 00:00:00
Openswan < 2.6.37 Cryptographic Helper Use-After-Free Remote DoS
2015-01-28 00:00:00
Oracle Linux 5 / 6 : openswan (ELSA-2011-1422)
2013-07-12 00:00:00
centos
centos
openswan security update
2011-11-03 03:50:42
prion
prion
Design/Logic Flaw
2011-11-17 19:55:00
nvd
nvd
CVE-2011-4073
2011-11-17 19:55:01
securityvulns
securityvulns
OpenSWAN use-after-free
2012-01-09 00:00:00
CVE-2011-4073 Openswan crypto helper crasher
2012-01-09 00:00:00
amazon
amazon
Medium: openswan
2011-11-09 21:34:00
osv
osv
openswan - implementation error
2011-12-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:19
oraclelinux
oraclelinux
openswan security update
2011-11-02 00:00:00
redhat
redhat
(RHSA-2011:1422) Moderate: openswan security update
2011-11-02 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openswan-2.6.37-1.fc16
2011-12-10 19:48:36
[SECURITY] Fedora 15 Update: openswan-2.6.37-1.fc15
2011-12-10 19:56:46
[SECURITY] Fedora 14 Update: openswan-2.6.33-3.fc14
2011-12-10 19:50:44
ubuntucve
ubuntucve
CVE-2011-4073
2011-11-17 00:00:00
gentoo
gentoo
Openswan: Denial of service
2012-03-16 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
5.9
Confidence
Low
EPSS
0.01
Percentile
83.9%
Related for CVE-2011-4073