The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5634
http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html