OpenCVE

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Xelerance	Openswan

Configuration 1 [-]

OR	cpe:2.3:a:xelerance:openswan:2.3.0:::::::*
	cpe:2.3:a:xelerance:openswan:2.3.1:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.0:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.1:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.2:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.3:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.4:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.5:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.6:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.7:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.8:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.9:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.10:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.11:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.12:::::::*
	cpe:2.3:a:xelerance:openswan:2.4.13:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.0:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.0:sbs4::::::
	cpe:2.3:a:xelerance:openswan:2.5.0:sbs5::::::
	cpe:2.3:a:xelerance:openswan:2.5.01:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.02:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.03:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.04:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.05:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.06:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.07:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.08:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.09:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.10:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.11:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.12:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.13:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.14:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.15:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.16:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.17:::::::*
	cpe:2.3:a:xelerance:openswan:2.5.18:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.01:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.02:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.03:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.04:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.05:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.06:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.07:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.08:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.09:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.10:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.11:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.12:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.13:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.14:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.15:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.16:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.17:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.18:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.19:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.20:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.21:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.22:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.23:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.24:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.25:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.26:::::::*
	cpe:2.3:a:xelerance:openswan:2.6.27:::::::*
cpe:2.3:a:xelerance:openswan:2.6.28:::::::*
cpe:2.3:a:xelerance:openswan:2.6.29:::::::*
cpe:2.3:a:xelerance:openswan:2.6.30:::::::*
cpe:2.3:a:xelerance:openswan:2.6.31:::::::*
cpe:2.3:a:xelerance:openswan:2.6.32:::::::*
cpe:2.3:a:xelerance:openswan:2.6.33:::::::*
cpe:2.3:a:xelerance:openswan:2.6.34:::::::*
cpe:2.3:a:xelerance:openswan:2.6.35:::::::*
cpe:2.3:a:xelerance:openswan:2.6.36:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
openswan-0:2.6.21-5.el5_7.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:1422	2011-11-02T00:00:00Z
Red Hat Enterprise Linux 6
openswan-0:2.6.32-4.el6_1.4	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:1422	2011-11-02T00:00:00Z

References

Link	Providers
http://openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://secunia.com/advisories/46678
http://secunia.com/advisories/46681
http://secunia.com/advisories/47342
http://www.debian.org/security/2011/dsa-2374
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://www.redhat.com/support/errata/RHSA-2011-1422.html
http://www.securityfocus.com/bid/50440
http://www.securitytracker.com/id?1026268
https://nvd.nist.gov/vuln/detail/CVE-2011-4073
https://www.cve.org/CVERecord?id=CVE-2011-4073

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-11-17T19:00:00

Updated: 2024-08-06T23:53:32.636Z

Reserved: 2011-10-18T00:00:00

Link: CVE-2011-4073

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-11-17T19:55:01.390

Modified: 2019-07-29T14:24:46.720

Link: CVE-2011-4073

Redhat

Severity : Moderate

Publid Date: 2011-10-28T00:00:00Z

Links: CVE-2011-4073 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object