PT-2011-1134 · Openswan+1
Published: 2011-11-02 · Updated: 2019-07-29
CVE-2011-4073
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Openswan versions 2.3.0 through 2.6.36
Description
The issue is related to a use-after-free vulnerability in the cryptographic helper handler functionality. This vulnerability allows remote authenticated users to cause a denial of service, specifically a crash of the pluto IKE daemon, via vectors related to the quick_outI1_continue and quick_outI1 functions. The vulnerability can be exploited remotely by an authenticated attacker, leading to a disruption of protected information.
Recommendations
For Openswan versions 2.3.0 through 2.6.36, consider updating to a version newer than 2.6.36 to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Related Identifiers
Affected Products
Openswan
Red Hat