CVE-2008-4551

EUVD-2008-4532
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
strongswanstrongswan
𝑥
≤ 4.2.6
strongswanstrongswan
2.0.0
strongswanstrongswan
2.0.1
strongswanstrongswan
2.0.2
strongswanstrongswan
2.1.0
strongswanstrongswan
2.1.1
strongswanstrongswan
2.1.2
strongswanstrongswan
2.1.3
strongswanstrongswan
2.1.4
strongswanstrongswan
2.1.5
strongswanstrongswan
2.2.0
strongswanstrongswan
2.2.1
strongswanstrongswan
2.2.2
strongswanstrongswan
2.3.0
strongswanstrongswan
2.3.1
strongswanstrongswan
2.3.2
strongswanstrongswan
2.4.0
strongswanstrongswan
2.4.0a:a
strongswanstrongswan
2.4.1
strongswanstrongswan
2.4.2
strongswanstrongswan
2.4.3
strongswanstrongswan
2.5.0
strongswanstrongswan
2.5.1
strongswanstrongswan
2.5.2
strongswanstrongswan
2.5.3
strongswanstrongswan
2.5.4
strongswanstrongswan
2.5.5
strongswanstrongswan
2.5.6
strongswanstrongswan
2.5.7
strongswanstrongswan
2.6.0
strongswanstrongswan
2.6.1
strongswanstrongswan
2.6.2
strongswanstrongswan
2.6.3
strongswanstrongswan
2.6.4
strongswanstrongswan
2.7.0
strongswanstrongswan
4.0.0
strongswanstrongswan
4.0.1
strongswanstrongswan
4.0.2
strongswanstrongswan
4.0.3
strongswanstrongswan
4.0.4
strongswanstrongswan
4.0.5
strongswanstrongswan
4.0.6
strongswanstrongswan
4.0.7
strongswanstrongswan
4.1.0
strongswanstrongswan
4.1.1
strongswanstrongswan
4.1.2
strongswanstrongswan
4.1.3
strongswanstrongswan
4.1.4
strongswanstrongswan
4.1.5
strongswanstrongswan
4.1.6
strongswanstrongswan
4.1.7
strongswanstrongswan
4.1.8
strongswanstrongswan
4.1.9
strongswanstrongswan
4.1.10
strongswanstrongswan
4.1.11
strongswanstrongswan
4.2.0
strongswanstrongswan
4.2.1
strongswanstrongswan
4.2.2
strongswanstrongswan
4.2.3
strongswanstrongswan
4.2.4
strongswanstrongswan
4.2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
strongswan
bookworm
5.9.8-5+deb12u1
fixed
bookworm (security)
5.9.8-5+deb12u1
fixed
bullseye
5.9.1-1+deb11u4
fixed
bullseye (security)
5.9.1-1+deb11u4
fixed
etch
not-affected
sid
5.9.13-2
fixed
trixie
5.9.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
strongswan
dapper
dne
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://download.strongswan.org/CHANGES4.txt
http://labs.mudynamics.com/advisories/MU-200809-01.txt
http://secunia.com/advisories/31963
http://www.securityfocus.com/bid/31291
http://www.securitytracker.com/id?1020903
http://www.vupen.com/english/advisories/2008/2660
http://download.strongswan.org/CHANGES4.txt
http://labs.mudynamics.com/advisories/MU-200809-01.txt
http://secunia.com/advisories/31963
http://www.securityfocus.com/bid/31291
http://www.securitytracker.com/id?1020903
http://www.vupen.com/english/advisories/2008/2660