CVE-2009-0790
strongswan - denial of service
EPSS 10.9%
Description
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
How to fix CVE-2009-0790
To remediate CVE-2009-0790, upgrade the affected package to a fixed version below.
- Debian/strongswan: upgrade to 4.2.14-1 or later
- upgrade to 2.8.0+dfsg-1+etch1 or later
Is CVE-2009-0790 being exploited?
Moderate: EPSS is 10.9%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- all versions before 4.2.14-1
- all versions before 2.8.0+dfsg-1+etch1