// For flags

CVE-2011-3380

openswan: IKE invalid key length allows remote unauthenticated user to crash openswan

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

Openswan v2.6.29 a través de v2.6.35 permite a atacantes remotos provocar una denegación de servicio (puntero a NULL y Plutón accidente demonio IKE) a través de un mensaje ISAKMP con un atributo no válido key_length, que no se gestiona adecuadamente por la función de control de errores.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-08-30 CVE Reserved
  • 2011-10-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.29
Search vendor "Xelerance" for product "Openswan" and version "2.6.29"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.30
Search vendor "Xelerance" for product "Openswan" and version "2.6.30"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.31
Search vendor "Xelerance" for product "Openswan" and version "2.6.31"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.32
Search vendor "Xelerance" for product "Openswan" and version "2.6.32"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.33
Search vendor "Xelerance" for product "Openswan" and version "2.6.33"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.34
Search vendor "Xelerance" for product "Openswan" and version "2.6.34"
-
Affected
Xelerance
Search vendor "Xelerance"
Openswan
Search vendor "Xelerance" for product "Openswan"
2.6.35
Search vendor "Xelerance" for product "Openswan" and version "2.6.35"
-
Affected