Vulnerability Details : CVE-2004-0220
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-0220
Probability of exploitation activity in the next 30 days: 1.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2004-0220
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0220
-
http://marc.info/?l=bugtraq&m=108008530028019&w=2
'R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities' - MARC
-
http://www.kb.cert.org/vuls/id/223273
US Government Resource
- http://www.securityfocus.com/bid/9907
-
http://www.rapid7.com/advisories/R7-0018.html
404 Page Not Found
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15629
-
http://www.openbsd.org/errata.html
OpenBSD: Errata and PatchesPatch
- http://www.securitytracker.com/alerts/2004/Mar/1009468.html
Products affected by CVE-2004-0220
- cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*