CVE-2011-3380

Published: Nov 17, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

Affected (7)

Products: Xelerance: Openswan

Xelerance

1 product

Openswan

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Xelerance Openswan	Version 2.6.29
Xelerance Openswan	Version 2.6.30
Xelerance Openswan	Version 2.6.31
Xelerance Openswan	Version 2.6.32
Xelerance Openswan	Version 2.6.33
Xelerance Openswan	Version 2.6.34
Xelerance Openswan	Version 2.6.35

References (6)

http://secunia.com/advisories/46306

Source: secalert@redhat.com

http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt

Source: secalert@redhat.com

Patch

http://www.redhat.com/support/errata/RHSA-2011-1356.html

Source: secalert@redhat.com

http://secunia.com/advisories/46306

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2011-1356.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.