CVE-2008-4551

Name of the Vulnerable Software and Affected Versions strongSwan versions 4.2.6 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending an IKE SA INIT message that includes a Key Exchange payload with a large number of NULL values. The NULL values trigger a NULL pointer dereference for the return value of the mpz export function in the GNU Multiprecision Library (GMP).

Recommendations For strongSwan versions 4.2.6 and earlier, update to a version later than 4.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the IKE SA INIT message handling to minimize the risk of exploitation.