CVE-2011-4073

Public on 2011-11-09
Modified on 2014-09-14
Description
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Severity
Medium severity
Medium
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 openswan 2011-11-09 ALAS-2011-18 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P
NVD CVSSv2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P