A DoS vulnerability triggered by an IKEv2 Key Exchange payload containing DH group 1025 was discovered in strongSwan. All versions since 4.5.0 are affected.
One of our users privately reported a denial-of-service vulnerability in strongSwan. Affected are strongSwan versions 4.5.0 and newer, up to 5.2.1.
CVE-2014-9221 has been assigned for this vulnerability.
The bug can be triggered by an IKEv2 Key Exchange (KE) payload that contains the Diffie-Hellman (DH) group 1025. This identifier is from the private-use range and only used internally by libtls for DH groups with custom generator and prime (MODP_CUSTOM). As such the instantiated DH implementation expects that these two values are passed to the constructor. This is not the case when a DH object is created based on the group in the KE payload. Therefore, an invalid pointer is dereferenced later, which causes a segmentation fault. This means that the IKE daemon can be crashed with a single IKE_SA_INIT message containing such a KE payload.
Remote code execution is not possible due to this issue, nor is IKEv1 affected in charon or pluto.
Many thanks to Mike Daskalakis for reporting the issue responsibly.