CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
strongswanstrongswan
𝑥
≤ 4.2.6
strongswanstrongswan
2.0.0
strongswanstrongswan
2.0.1
strongswanstrongswan
2.0.2
strongswanstrongswan
2.1.0
strongswanstrongswan
2.1.1
strongswanstrongswan
2.1.2
strongswanstrongswan
2.1.3
strongswanstrongswan
2.1.4
strongswanstrongswan
2.1.5
strongswanstrongswan
2.2.0
strongswanstrongswan
2.2.1
strongswanstrongswan
2.2.2
strongswanstrongswan
2.3.0
strongswanstrongswan
2.3.1
strongswanstrongswan
2.3.2
strongswanstrongswan
2.4.0
strongswanstrongswan
2.4.0a:a
strongswanstrongswan
2.4.1
strongswanstrongswan
2.4.2
strongswanstrongswan
2.4.3
strongswanstrongswan
2.5.0
strongswanstrongswan
2.5.1
strongswanstrongswan
2.5.2
strongswanstrongswan
2.5.3
strongswanstrongswan
2.5.4
strongswanstrongswan
2.5.5
strongswanstrongswan
2.5.6
strongswanstrongswan
2.5.7
strongswanstrongswan
2.6.0
strongswanstrongswan
2.6.1
strongswanstrongswan
2.6.2
strongswanstrongswan
2.6.3
strongswanstrongswan
2.6.4
strongswanstrongswan
2.7.0
strongswanstrongswan
4.0.0
strongswanstrongswan
4.0.1
strongswanstrongswan
4.0.2
strongswanstrongswan
4.0.3
strongswanstrongswan
4.0.4
strongswanstrongswan
4.0.5
strongswanstrongswan
4.0.6
strongswanstrongswan
4.0.7
strongswanstrongswan
4.1.0
strongswanstrongswan
4.1.1
strongswanstrongswan
4.1.2
strongswanstrongswan
4.1.3
strongswanstrongswan
4.1.4
strongswanstrongswan
4.1.5
strongswanstrongswan
4.1.6
strongswanstrongswan
4.1.7
strongswanstrongswan
4.1.8
strongswanstrongswan
4.1.9
strongswanstrongswan
4.1.10
strongswanstrongswan
4.1.11
strongswanstrongswan
4.2.0
strongswanstrongswan
4.2.1
strongswanstrongswan
4.2.2
strongswanstrongswan
4.2.3
strongswanstrongswan
4.2.4
strongswanstrongswan
4.2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
strongswan
bullseye (security)
5.9.1-1+deb11u4
fixed
bullseye
5.9.1-1+deb11u4
fixed
etch
not-affected
bookworm
5.9.8-5+deb12u1
fixed
bookworm (security)
5.9.8-5+deb12u1
fixed
sid
5.9.13-2
fixed
trixie
5.9.13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
strongswan
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://download.strongswan.org/CHANGES4.txt
http://labs.mudynamics.com/advisories/MU-200809-01.txt
http://secunia.com/advisories/31963
http://www.securityfocus.com/bid/31291
http://www.securitytracker.com/id?1020903
http://www.vupen.com/english/advisories/2008/2660
http://download.strongswan.org/CHANGES4.txt
http://labs.mudynamics.com/advisories/MU-200809-01.txt
http://secunia.com/advisories/31963
http://www.securityfocus.com/bid/31291
http://www.securitytracker.com/id?1020903
http://www.vupen.com/english/advisories/2008/2660