Vulnerability: Denial-of-Service vulnerability in the IKEv2 key derivation
CVE ID: CVE-2018-10811
Affected Versions: All strongSwan versions since 5.0.1 (fixed in 5.6.3)

Root Cause: Missing initialization of a variable in the IKEv2 key derivation
- The local variable that holds SKEYSEED is not initialized before the negotiated PRF is used to compute it
- If the PRF's set_key() or allocate_bytes() fails, SKEYSEED is never assigned, but the shared cleanup code still calls chunk_clear() on it
- chunk_clear() then wipes and frees whatever pointer happened to be on the stack, crashing the IKE daemon; because SKEYSEED is derived right after IKE_SA_INIT, this happens before the peer has authenticated
- In practice the failing path is reached when HMAC-MD5 is negotiated as PRF while the openssl plugin runs in FIPS mode, where OpenSSL refuses to key an MD5-based HMAC

Mitigation:
- If OpenSSL is not in FIPS mode, keying the PRF succeeds and the failing path is not reached, so the issue should not be triggered
- strongSwan 5.6.1 removed MD5 from the default proposal, so recent releases using the default proposals no longer offer or accept the PRF that fails in FIPS mode; installations with custom proposals that still include prfmd5 remain exposed
- Loading the test-vectors plugin and enabling charon.crypto_test.required can help mitigate the problem: a PRF implementation that cannot be keyed fails its self-test, is not registered, and therefore cannot be negotiated
- Patches are provided for older releases; the fix initializes the variable so that chunk_clear() on the error path is a no-op
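To make the error path concrete, here is an added model of the key-derivation cleanup bug and its fix. It is not strongSwan's code: chunk_t, chunk_clear(), the prf_t with set_key()/allocate_bytes(), the toy keyed mix used in place of a real PRF, and the derive_skeyseed()/simulate() helpers are all hypothetical stand-ins. Stack garbage in the uninitialized chunk is modelled by a sentinel pointer that chunk_clear() counts instead of dereferencing, so the "crash" can be observed without aborting the process. The `init_skeyseed` flag switches between the pre-fix code (chunk left uninitialized) and the fixed code (chunk initialized to chunk_empty).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for strongSwan's chunk_t; not the project's code. */
typedef struct { uint8_t *ptr; size_t len; } chunk_t;
static const chunk_t chunk_empty = { NULL, 0 };

/* Stack garbage is modelled by a sentinel: a real uninitialized chunk holds
 * whatever was on the stack, and wiping/freeing that aborts the daemon. */
#define GARBAGE_PTR ((uint8_t *)0x1)
static int crashes = 0;

static chunk_t chunk_alloc(size_t len)
{
    chunk_t c = { malloc(len ? len : 1), len };
    return c;
}

static void chunk_free(chunk_t *c)
{
    free(c->ptr);
    *c = chunk_empty;
}

/* Model of chunk_clear(): wipe, then free. free(NULL) is a no-op, so an
 * empty chunk is safe; the sentinel is counted instead of dereferenced. */
static void chunk_clear(chunk_t *c)
{
    if (c->ptr == GARBAGE_PTR) { crashes++; *c = chunk_empty; return; }
    if (c->ptr) { memset(c->ptr, 0, c->len); }
    chunk_free(c);
}

typedef struct { const char *name; bool fips; chunk_t key; } prf_t;

/* set_key() fails when the backend refuses the algorithm (HMAC-MD5 in FIPS mode). */
static bool prf_set_key(prf_t *prf, chunk_t key)
{
    if (prf->fips && strcmp(prf->name, "hmac-md5") == 0) return false;
    prf->key = key;
    return true;
}

/* Toy keyed mix standing in for prf(K, S); NOT a real PRF. */
static bool prf_allocate_bytes(prf_t *prf, chunk_t seed, chunk_t *out)
{
    *out = chunk_alloc(16);
    for (size_t i = 0; i < out->len; i++)
        out->ptr[i] = (uint8_t)(prf->key.ptr[i % prf->key.len] ^
                                seed.ptr[i % seed.len] ^ i);
    return true;
}

/* SKEYSEED = prf(Ni | Nr, g^ir), then clear the seed. With init_skeyseed == false
 * the local mirrors the pre-fix code: chunk_clear() runs on the error path
 * although nothing ever assigned the chunk. */
static bool derive_skeyseed(prf_t *prf, chunk_t nonce_i, chunk_t nonce_r,
                            chunk_t secret, bool init_skeyseed, chunk_t *sk_d)
{
    chunk_t skeyseed = { GARBAGE_PTR, 0 };   /* "uninitialized" */
    chunk_t fixed_nonce = chunk_alloc(nonce_i.len + nonce_r.len);
    bool ok = false;

    if (init_skeyseed) skeyseed = chunk_empty;   /* the fix */
    memcpy(fixed_nonce.ptr, nonce_i.ptr, nonce_i.len);
    memcpy(fixed_nonce.ptr + nonce_i.len, nonce_r.ptr, nonce_r.len);

    if (prf_set_key(prf, fixed_nonce) && prf_allocate_bytes(prf, secret, &skeyseed))
    {
        /* the real code keys prf+ with SKEYSEED here; keep a copy as "SK_d" */
        *sk_d = chunk_alloc(skeyseed.len);
        memcpy(sk_d->ptr, skeyseed.ptr, skeyseed.len);
        ok = true;
    }
    chunk_clear(&skeyseed);     /* reached on success and failure alike */
    chunk_free(&fixed_nonce);
    return ok;
}

/* 0 = keys derived, 1 = clean failure, 2 = error path hit the uninitialized chunk.
 * Nonces and g^ir are constructed sample input. */
static int simulate(const char *prf_name, bool fips, bool init_skeyseed)
{
    uint8_t ni[8] = "nonce_i", nr[8] = "nonce_r", gir[4] = { 1, 2, 3, 4 };
    chunk_t nonce_i = { ni, sizeof(ni) }, nonce_r = { nr, sizeof(nr) };
    chunk_t secret = { gir, sizeof(gir) }, sk_d = chunk_empty;
    prf_t prf = { prf_name, fips, chunk_empty };
    int before = crashes;

    bool ok = derive_skeyseed(&prf, nonce_i, nonce_r, secret, init_skeyseed, &sk_d);
    chunk_clear(&sk_d);
    if (crashes > before) return 2;
    return ok ? 0 : 1;
}

int main(void)
{
    printf("fips hmac-md5, pre-fix: %d\n", simulate("hmac-md5", true, false));
    printf("fips hmac-md5, fixed:   %d\n", simulate("hmac-md5", true, true));
    printf("non-fips hmac-md5:      %d\n", simulate("hmac-md5", false, false));
    printf("fips hmac-sha2-256:     %d\n", simulate("hmac-sha2-256", true, false));
    return 0;
}
```

The four cases line up with the advisory: only the combination of a PRF the backend refuses to key (HMAC-MD5 under FIPS) and the uninitialized chunk reaches the bad chunk_clear(); the same PRF outside FIPS mode, or any other PRF, never enters the error path, which is why the bug went unnoticed until MD5 was negotiated against a FIPS-mode OpenSSL. The one-line fix (initializing the chunk) turns the error path into a clean failure.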