CVE-2004-0221

Name of the Vulnerable Software and Affected Versions OpenBSD versions 3.4 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error. This has been demonstrated by the Striker ISAKMP Protocol Test Suite.

Recommendations For OpenBSD versions 3.4 and earlier, consider upgrading to a newer version to resolve the issue. As a temporary workaround, restrict access to the isakmpd service to minimize the risk of exploitation.