Home > Vulnerability Database > CVE-2016-10396

Mend.io Vulnerability Database

CVE-2016-10396

Date: July 5, 2017

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.

Language: Unix

Severity Score

7.5

Related Resources (6)

Url: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?only_with_tag=MAIN

Url: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-10396

Url: https://access.redhat.com/security/cve/CVE-2016-10396

Url: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682

Url: https://www.mend.io/vulnerability-database/CVE-2016-10396

Severity Score

7.5

Weakness Type (CWE)

Inefficient Algorithmic Complexity

CWE-407

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-10396

Date: July 5, 2017

Language: Unix

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?