Lucene search
HistoryNov 17, 2011 - 7:55 p.m.
CVE-2011-4073
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6
Confidence
Low
EPSS
0.01
Percentile
83.9%
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Affected configurations
Node
xeleranceopenswanMatch2.3.0
ORxeleranceopenswanMatch2.3.1
ORxeleranceopenswanMatch2.4.0
ORxeleranceopenswanMatch2.4.1
ORxeleranceopenswanMatch2.4.2
ORxeleranceopenswanMatch2.4.3
ORxeleranceopenswanMatch2.4.4
ORxeleranceopenswanMatch2.4.5
ORxeleranceopenswanMatch2.4.6
ORxeleranceopenswanMatch2.4.7
ORxeleranceopenswanMatch2.4.8
ORxeleranceopenswanMatch2.4.9
ORxeleranceopenswanMatch2.4.10
ORxeleranceopenswanMatch2.4.11
ORxeleranceopenswanMatch2.4.12
ORxeleranceopenswanMatch2.4.13
ORxeleranceopenswanMatch2.5.0
ORxeleranceopenswanMatch2.5.0sbs4
ORxeleranceopenswanMatch2.5.0sbs5
ORxeleranceopenswanMatch2.5.01
ORxeleranceopenswanMatch2.5.02
ORxeleranceopenswanMatch2.5.03
ORxeleranceopenswanMatch2.5.04
ORxeleranceopenswanMatch2.5.05
ORxeleranceopenswanMatch2.5.06
ORxeleranceopenswanMatch2.5.07
ORxeleranceopenswanMatch2.5.08
ORxeleranceopenswanMatch2.5.09
ORxeleranceopenswanMatch2.5.10
ORxeleranceopenswanMatch2.5.11
ORxeleranceopenswanMatch2.5.12
ORxeleranceopenswanMatch2.5.13
ORxeleranceopenswanMatch2.5.14
ORxeleranceopenswanMatch2.5.15
ORxeleranceopenswanMatch2.5.16
ORxeleranceopenswanMatch2.5.17
ORxeleranceopenswanMatch2.5.18
ORxeleranceopenswanMatch2.6.01
ORxeleranceopenswanMatch2.6.02
ORxeleranceopenswanMatch2.6.03
ORxeleranceopenswanMatch2.6.04
ORxeleranceopenswanMatch2.6.05
ORxeleranceopenswanMatch2.6.06
ORxeleranceopenswanMatch2.6.07
ORxeleranceopenswanMatch2.6.08
ORxeleranceopenswanMatch2.6.09
ORxeleranceopenswanMatch2.6.10
ORxeleranceopenswanMatch2.6.11
ORxeleranceopenswanMatch2.6.12
ORxeleranceopenswanMatch2.6.13
ORxeleranceopenswanMatch2.6.14
ORxeleranceopenswanMatch2.6.15
ORxeleranceopenswanMatch2.6.16
ORxeleranceopenswanMatch2.6.17
ORxeleranceopenswanMatch2.6.18
ORxeleranceopenswanMatch2.6.19
ORxeleranceopenswanMatch2.6.20
ORxeleranceopenswanMatch2.6.21
ORxeleranceopenswanMatch2.6.22
ORxeleranceopenswanMatch2.6.23
ORxeleranceopenswanMatch2.6.24
ORxeleranceopenswanMatch2.6.25
ORxeleranceopenswanMatch2.6.26
ORxeleranceopenswanMatch2.6.27
ORxeleranceopenswanMatch2.6.28
ORxeleranceopenswanMatch2.6.29
ORxeleranceopenswanMatch2.6.30
ORxeleranceopenswanMatch2.6.31
ORxeleranceopenswanMatch2.6.32
ORxeleranceopenswanMatch2.6.33
ORxeleranceopenswanMatch2.6.34
ORxeleranceopenswanMatch2.6.35
ORxeleranceopenswanMatch2.6.36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xelerance | openswan | 2.3.0 | cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:* |
| xelerance | openswan | 2.3.1 | cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.0 | cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.1 | cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.2 | cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.3 | cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.4 | cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.5 | cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.6 | cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:* |
| xelerance | openswan | 2.4.7 | cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:* |
References
Related
centos
centos
openswan security update
2011-11-03 03:50:42
prion
prion
Design/Logic Flaw
2011-11-17 19:55:00
openvas
openvas
Debian: Security Advisory (DSA-2374-1)
2012-02-11 00:00:00
CentOS Update for openswan CESA-2011:1422 centos5 i386
2011-11-03 00:00:00
Fedora Update for openswan FEDORA-2011-15077
2011-12-12 00:00:00
nessus
nessus
Openswan < 2.6.37 Cryptographic Helper Use-After-Free Remote DoS
2015-01-28 00:00:00
Oracle Linux 5 / 6 : openswan (ELSA-2011-1422)
2013-07-12 00:00:00
Fedora 15 : openswan-2.6.37-1.fc15 (2011-15077)
2011-12-12 00:00:00
securityvulns
securityvulns
OpenSWAN use-after-free
2012-01-09 00:00:00
CVE-2011-4073 Openswan crypto helper crasher
2012-01-09 00:00:00
amazon
amazon
Medium: openswan
2011-11-09 21:34:00
osv
osv
openswan - implementation error
2011-12-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:19
oraclelinux
oraclelinux
openswan security update
2011-11-02 00:00:00
cvelist
cvelist
CVE-2011-4073
2011-11-17 19:00:00
debian
debian
[BSA-061] Security Update for openswan
2012-01-02 20:07:53
[BSA-061] Security Update for openswan
2012-01-02 20:07:53
[SECURITY] [DSA 2374-1] openswan security update
2011-12-26 12:33:24
cve
cve
CVE-2011-4073
2011-11-17 19:55:01
redhat
redhat
(RHSA-2011:1422) Moderate: openswan security update
2011-11-02 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openswan-2.6.37-1.fc16
2011-12-10 19:48:36
[SECURITY] Fedora 14 Update: openswan-2.6.33-3.fc14
2011-12-10 19:50:44
[SECURITY] Fedora 15 Update: openswan-2.6.37-1.fc15
2011-12-10 19:56:46
ubuntucve
ubuntucve
CVE-2011-4073
2011-11-17 00:00:00
gentoo
gentoo
Openswan: Denial of service
2012-03-16 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
6
Confidence
Low
EPSS
0.01
Percentile
83.9%
Related for NVD:CVE-2011-4073