Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2014-2891
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-07 May, 2014 | 10:55
Updated At-12 Apr, 2025 | 10:46

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Debian GNU/Linux
debian
>>strongswan>>Versions up to 5.1.2(inclusive)
cpe:2.3:a:debian:strongswan:*:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>Versions up to 5.1.1(inclusive)
cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.0.0
cpe:2.3:a:strongswan:strongswan:5.0.0:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.0.1
cpe:2.3:a:strongswan:strongswan:5.0.1:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.0.2
cpe:2.3:a:strongswan:strongswan:5.0.2:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.0.3
cpe:2.3:a:strongswan:strongswan:5.0.3:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.0.4
cpe:2.3:a:strongswan:strongswan:5.0.4:*:*:*:*:*:*:*
strongswan
strongswan
>>strongswan>>5.1.0
cpe:2.3:a:strongswan:strongswan:5.1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html "Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1. The latest release (5.1.3) is not affected."

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.htmlcve@mitre.org
N/A
http://secunia.com/advisories/59864cve@mitre.org
N/A
http://www.debian.org/security/2014/dsa-2922cve@mitre.org
N/A
http://www.securityfocus.com/bid/67212cve@mitre.org
N/A
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59864af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-2922af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/67212af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found