CVE-2016-10396
Description
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.076
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2018:0423-1(SUSE Linux Enterprise Server 11-SP4 ) ipsec-tools-0.7.3-1.38.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0424-1(SUSE Linux Enterprise Server 12-SP2 ) ipsec-tools-0.8.0-19.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0424-1(SUSE Linux Enterprise Server 12-SP2 ) ipsec-tools-debuginfo-0.8.0-19.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0424-1(SUSE Linux Enterprise Server 12-SP2 ) ipsec-tools-debugsource-0.8.0-19.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234