CVE-2009-1958

Description

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

How to fix CVE-2009-1958

To remediate CVE-2009-1958, upgrade the affected package to a fixed version below.

• Debian/strongswan—upgrade to 4.2.14-1.1 or later

Is CVE-2009-1958 being exploited?

Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.2.14-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-1958