CVE-2014-2037

Published: Nov 26, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

Affected (1)

Products: Xelerance: Openswan

Xelerance

1 product

Openswan

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xelerance Openswan	Version 2.6.40

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.openwall.com/lists/oss-security/2014/02/18/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/02/20/2

Source: cve@mitre.org

http://www.securityfocus.com/bid/65629

Source: cve@mitre.org

https://lists.openswan.org/pipermail/users/2014-February/022898.html

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/02/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/02/20/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65629

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.openswan.org/pipermail/users/2014-February/022898.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.