Lucene search

[email protected]NVD:CVE-2014-9221

HistoryJan 07, 2015 - 7:59 p.m.

CVE-2014-9221

2015-01-0719:59:01

CWE-19

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.9 High

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Affected configurations

NVD

Node

strongswanstrongswanMatch4.5.0

strongswanstrongswanMatch4.5.1

strongswanstrongswanMatch4.5.2

strongswanstrongswanMatch4.5.3

strongswanstrongswanMatch4.6.0

strongswanstrongswanMatch4.6.1

strongswanstrongswanMatch4.6.2

strongswanstrongswanMatch4.6.3

strongswanstrongswanMatch4.6.4

strongswanstrongswanMatch5.0.0

strongswanstrongswanMatch5.0.1

strongswanstrongswanMatch5.0.2

strongswanstrongswanMatch5.0.3

strongswanstrongswanMatch5.0.4

strongswanstrongswanMatch5.1.0

strongswanstrongswanMatch5.1.1

strongswanstrongswanMatch5.1.2

strongswanstrongswanMatch5.1.3

strongswanstrongswanMatch5.2.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

Node

fedoraprojectfedoraMatch21

Node

debiandebian_linuxMatch7.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-March/153825.html

lists.opensuse.org/opensuse-updates/2015-01/msg00054.html

secunia.com/advisories/62071

secunia.com/advisories/62083

secunia.com/advisories/62095

secunia.com/advisories/62663

strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html

strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html

www.debian.org/security/2015/dsa-3118

www.securityfocus.com/bid/71894

www.ubuntu.com/usn/USN-2450-1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.9 High

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

Related for NVD:CVE-2014-9221

cve1 nessus8 openvas8 debiancve1 prion1 ubuntu1 debian1 cvelist1 fedora4 securityvulns2 ubuntucve1 ibm1