CVE-2011-4073

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
xeleranceopenswan
2.3.0
xeleranceopenswan
2.3.1
xeleranceopenswan
2.4.0
xeleranceopenswan
2.4.1
xeleranceopenswan
2.4.2
xeleranceopenswan
2.4.3
xeleranceopenswan
2.4.4
xeleranceopenswan
2.4.5
xeleranceopenswan
2.4.6
xeleranceopenswan
2.4.7
xeleranceopenswan
2.4.8
xeleranceopenswan
2.4.9
xeleranceopenswan
2.4.10
xeleranceopenswan
2.4.11
xeleranceopenswan
2.4.12
xeleranceopenswan
2.4.13
xeleranceopenswan
2.5.0
xeleranceopenswan
2.5.0:sbs4
xeleranceopenswan
2.5.0:sbs5
xeleranceopenswan
2.5.01
xeleranceopenswan
2.5.02
xeleranceopenswan
2.5.03
xeleranceopenswan
2.5.04
xeleranceopenswan
2.5.05
xeleranceopenswan
2.5.06
xeleranceopenswan
2.5.07
xeleranceopenswan
2.5.08
xeleranceopenswan
2.5.09
xeleranceopenswan
2.5.10
xeleranceopenswan
2.5.11
xeleranceopenswan
2.5.12
xeleranceopenswan
2.5.13
xeleranceopenswan
2.5.14
xeleranceopenswan
2.5.15
xeleranceopenswan
2.5.16
xeleranceopenswan
2.5.17
xeleranceopenswan
2.5.18
xeleranceopenswan
2.6.01
xeleranceopenswan
2.6.02
xeleranceopenswan
2.6.03
xeleranceopenswan
2.6.04
xeleranceopenswan
2.6.05
xeleranceopenswan
2.6.06
xeleranceopenswan
2.6.07
xeleranceopenswan
2.6.08
xeleranceopenswan
2.6.09
xeleranceopenswan
2.6.10
xeleranceopenswan
2.6.11
xeleranceopenswan
2.6.12
xeleranceopenswan
2.6.13
xeleranceopenswan
2.6.14
xeleranceopenswan
2.6.15
xeleranceopenswan
2.6.16
xeleranceopenswan
2.6.17
xeleranceopenswan
2.6.18
xeleranceopenswan
2.6.19
xeleranceopenswan
2.6.20
xeleranceopenswan
2.6.21
xeleranceopenswan
2.6.22
xeleranceopenswan
2.6.23
xeleranceopenswan
2.6.24
xeleranceopenswan
2.6.25
xeleranceopenswan
2.6.26
xeleranceopenswan
2.6.27
xeleranceopenswan
2.6.28
xeleranceopenswan
2.6.29
xeleranceopenswan
2.6.30
xeleranceopenswan
2.6.31
xeleranceopenswan
2.6.32
xeleranceopenswan
2.6.33
xeleranceopenswan
2.6.34
xeleranceopenswan
2.6.35
xeleranceopenswan
2.6.36
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openswan
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
Fixed 1:2.6.28+dfsg-5squeeze1build0.11.04.1
released
maverick
ignored
lucid
ignored
hardy
Fixed 1:2.4.9+dfsg-1ubuntu0.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/46678
http://secunia.com/advisories/46681
http://secunia.com/advisories/47342
http://www.debian.org/security/2011/dsa-2374
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://www.redhat.com/support/errata/RHSA-2011-1422.html
http://www.securityfocus.com/bid/50440
http://www.securitytracker.com/id?1026268
http://secunia.com/advisories/46678
http://secunia.com/advisories/46681
http://secunia.com/advisories/47342
http://www.debian.org/security/2011/dsa-2374
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://www.redhat.com/support/errata/RHSA-2011-1422.html
http://www.securityfocus.com/bid/50440
http://www.securitytracker.com/id?1026268