IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
Related Alpine Linux releases: All earlier releases including alpine-1.8.1
* US-CERT reports: http://web.nvd.nist.gov/view/vuln/detail?execution=e1s1
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
* US-CERT reports: http://web.nvd.nist.gov/view/vuln/detail?execution=e5s1
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
(from redmine: issue id 37, created on 2009-05-23, closed on 2009-06-23)