CVE-2014-9221
Summary
| CVE | CVE-2014-9221 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-01-07 19:59:00 UTC |
| Updated | 2023-11-07 02:23:00 UTC |
| Description | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. |
Risk And Classification
Problem Types: CWE-19
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.0 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.1 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.2 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.3 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.0 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.1 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.2 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.3 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.4 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.0 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.1 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.2 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.3 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.4 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.0 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.1 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.2 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.3 | All | All | All |
| Application | Strongswan | Strongswan | 5.2.0 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.0 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.1 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.2 | All | All | All |
| Application | Strongswan | Strongswan | 4.5.3 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.0 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.1 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.2 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.3 | All | All | All |
| Application | Strongswan | Strongswan | 4.6.4 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.0 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.1 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.2 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.3 | All | All | All |
| Application | Strongswan | Strongswan | 5.0.4 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.0 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.1 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.2 | All | All | All |
| Application | Strongswan | Strongswan | 5.1.3 | All | All | All |
| Application | Strongswan | Strongswan | 5.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-2450-1: strongSwan vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| strongSwan - strongSwan Denial-of-Service Vulnerability (CVE-2014-9221) | strongswan.org | ||
| Debian -- Security Information -- DSA-3118-1 strongswan | DEBIAN | www.debian.org | Third Party Advisory |
| [SECURITY] Fedora 21 Update: strongswan-5.2.2-2.fc21 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Security Advisory SA62071 - Debian update for strongswan - Secunia | SECUNIA | secunia.com | Permissions Required, Third Party Advisory |
| strongSwan - strongSwan Denial-of-Service Vulnerability (CVE-2014-9221) | CONFIRM | strongswan.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| Security Advisory SA62663 - SUSE update for strongswan - Secunia | SECUNIA | secunia.com | Permissions Required, Third Party Advisory |
| Strongswan IKEv2 Payloads CVE-2014-9221 Remote Denial Of Service Vulnerability | BID | www.securityfocus.com | |
| Security Advisory SA62095 - strongSwan IKE_SA_INIT Message Handling Denial of Service Vulnerability - Secunia | SECUNIA | secunia.com | Permissions Required, Third Party Advisory |
| openSUSE-SU-2015:0114-1: moderate: Security update for strongswan | SUSE | lists.opensuse.org | Third Party Advisory |
| strongSwan - strongSwan 5.2.2 Released | CONFIRM | strongswan.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.