National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:openswan:openswan:2.6.32
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2013-6466

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

Published: January 26, 2014; 03:55:05 PM -05:00
V2: 5.0 MEDIUM
CVE-2013-2053

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.

Published: July 09, 2013; 01:55:01 PM -04:00
V2: 6.8 MEDIUM
CVE-2011-4073

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

Published: November 17, 2011; 02:55:01 PM -05:00
V2: 4.0 MEDIUM
CVE-2011-3380

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

Published: November 17, 2011; 02:55:01 PM -05:00
V2: 5.0 MEDIUM