CVE-2015-3204

Name of the Vulnerable Software and Affected Versions libreswan versions 3.9 through 3.12

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon restart, via an IKEv1 packet with specific characteristics, such as unassigned bits set in the IPSEC DOI value or the next payload value set to ISAKMP NEXT SAK. A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads, which could lead to a denial of service when specially crafted IKEv1 payloads are sent.

Recommendations For libreswan versions 3.9 through 3.12, consider restricting the processing of IKEv1 packets with unassigned bits set in the IPSEC DOI value or the next payload value set to ISAKMP NEXT SAK to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.