|Description||charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|strongswan (PTS)||wheezy (security), wheezy||4.5.2-1.5+deb7u8||fixed|
|strongswan (PTS)||jessie (security), jessie||5.2.1-6+deb8u2||fixed|
The information below is based on the following data on fixed versions.
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)