CVE-2009-1574

racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

🔗 References (56)

• cve@mitrehttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• cve@mitrehttp://secunia.com/advisories/35113
• cve@mitrehttp://secunia.com/advisories/35153
• cve@mitrehttp://secunia.com/advisories/35159
• cve@mitrehttp://secunia.com/advisories/35212
• cve@mitrehttp://secunia.com/advisories/35404
• cve@mitrehttp://secunia.com/advisories/35685
• cve@mitrehttp://security.gentoo.org/glsa/glsa-200905-03.xml
• cve@mitrehttp://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
• cve@mitrehttp://support.apple.com/kb/HT3937
• cve@mitrehttp://support.apple.com/kb/HT4298
• cve@mitrehttp://www.debian.org/security/2009/dsa-1804