CVE-2015-3240
openswan: denial of service via IKE daemon restart when receiving a bad DH gx value
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.
El demonio pluto IKE en libreswan en versiones anteriores a 3.15 y Openswan en versiones anteriores a 2.6.45, cuando ha sido construido con NSS, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y reinicio de demonio) a través de un valor zero DH g^x en un payload KE en un paquete IKE.
A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE payloads. A remote attacker could send specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service (daemon crash).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-11-04 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-617: Reachable Assertion
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/77536 | Vdb Entry | |
http://www.securitytracker.com/id/1033418 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-1979.html | 2023-02-13 | |
https://libreswan.org/security/CVE-2015-3240/CVE-2015-3240.txt | 2023-02-13 | |
https://lists.openswan.org/pipermail/users/2015-August/023401.html | 2023-02-13 | |
https://security.gentoo.org/glsa/201603-13 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2015-3240 | 2015-11-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1232320 | 2015-11-04 |