CVE-2016-10396

Name of the Vulnerable Software and Affected Versions IPsec-Tools version 0.8.2

Description The issue concerns a computational-complexity attack that can be remotely exploited when parsing and storing ISAKMP fragments. This occurs because the implementation allows a remote attacker to exhaust computational resources by sending ISAKMP fragment packets in a specific order, resulting in the worst-case computational complexity in the algorithm used for fragment reassembly.

Recommendations For IPsec-Tools version 0.8.2, consider restricting access to the racoon daemon to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the reception of ISAKMP fragment packets may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.