OpenIKED is developed with the same rigorous security process that the OpenBSD group is famous for. If you wish to report a security issue in OpenIKED, please contact the OpenBSD project. For more information, see the OpenBSD Security page.
April 10, 2025
In all versions of OpenIKED up to 7.4, an unauthenticated party could trigger a double-free in ECDH by sending a specially crafted handshake message.
For more information see the OpenBSD source code patch. This bug is corrected in OpenBSD's current and stable branches. Binary updates for OpenBSD 7.5 and 7.6 can be obtained with the syspatch(8) utility.
July 27, 2020
All versions of OpenIKED in OpenBSD through 6.7 were vulnerable to an authentication bypass due to incorrect use of the EVP_PKEY_cmp() function.
For more information see the OpenBSD source code patch. This bug is corrected in OpenBSD's current and stable branches. Binary updates for OpenBSD 6.6 and OpenBSD 6.7 can be obtained with the syspatch(8) utility.
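
EVP_PKEY_cmp() returns 1 when two keys match, 0 when they differ, and a negative value when the key types differ or the comparison is unsupported, so only an explicit comparison against 1 means "same key". The C sketch below is an added illustration of that return-value pitfall and is not OpenIKED's code; `model_pkey_cmp`, `struct model_pkey` and the sample keys are hypothetical stand-ins for the libcrypto API so that it builds without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an EVP_PKEY: key type plus raw public key bytes. */
enum key_type { KEY_RSA, KEY_EC };
struct model_pkey { enum key_type type; const unsigned char *pub; size_t len; };

/*
 * Stand-in following the documented EVP_PKEY_cmp() return convention:
 *   1 = keys match, 0 = keys differ, -1 = key types differ
 * (-2, "operation not supported", is not modelled here).
 */
static int model_pkey_cmp(const struct model_pkey *a, const struct model_pkey *b)
{
    if (a->type != b->type)
        return -1;
    if (a->len != b->len || memcmp(a->pub, b->pub, a->len) != 0)
        return 0;
    return 1;
}

/* Misuse: any non-zero result counts as a match, so -1 is accepted. */
static int peer_key_ok_truthy(const struct model_pkey *peer, const struct model_pkey *pinned)
{
    return model_pkey_cmp(peer, pinned) ? 1 : 0;
}

/* Correct: only the explicit value 1 means the keys are identical. */
static int peer_key_ok_strict(const struct model_pkey *peer, const struct model_pkey *pinned)
{
    return model_pkey_cmp(peer, pinned) == 1;
}

/* Constructed sample keys (arbitrary bytes, not real key material). */
static const unsigned char pinned_bytes[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char other_bytes[]  = { 0xaa, 0xbb, 0xcc, 0xdd };
static const struct model_pkey pinned     = { KEY_RSA, pinned_bytes, sizeof(pinned_bytes) };
static const struct model_pkey same_key   = { KEY_RSA, pinned_bytes, sizeof(pinned_bytes) };
static const struct model_pkey wrong_rsa  = { KEY_RSA, other_bytes, sizeof(other_bytes) };
static const struct model_pkey wrong_type = { KEY_EC, other_bytes, sizeof(other_bytes) };

int main(void)
{
    const struct model_pkey *peers[] = { &same_key, &wrong_rsa, &wrong_type };
    const char *names[] = { "same_key", "wrong_rsa", "wrong_type" };
    for (size_t i = 0; i < 3; i++)
        printf("%-10s cmp=%2d truthy=%d strict=%d\n", names[i],
            model_pkey_cmp(peers[i], &pinned),
            peer_key_ok_truthy(peers[i], &pinned),
            peer_key_ok_strict(peers[i], &pinned));
    return 0;
}
```

When auditing code that calls EVP_PKEY_cmp(), flag any call whose result is used directly as a boolean or negated with `!` rather than compared against 1.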