CVE-2009-2185 — Improper Input Validation in Strongswan

CWE-20 — Improper Input Validation10 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

8.2%

top 7.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan Xelerance Openswan

Timeline

PublishedJun 25

Latest updateMay 2

Description

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/strongswan< strongswan 4.2.14-1.2 (bookworm)+1

▶Debianstrongswan/strongswan< 4.2.14-1.2+7

▶NVDxelerance/openswan26 versions+25

▶NVDstrongswan/strongswan32 versions+31

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7j3p-ffqc-xjpg: The asn1_length function in strongSwan 2↗2022-05-02

▶

GHSA

GHSA-9g49-v8fv-gvm8: The ASN↗2022-05-02

▶

OSV

CVE-2009-2661: The asn1_length function in strongSwan 2↗2009-08-04

▶

OSV

CVE-2009-2185: The ASN↗2009-06-25

▶

📋Vendor Advisories

Red Hat

Openswan ASN.1 parser vulnerability↗2009-06-22

▶

Debian

CVE-2009-2185: strongswan - The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/as...↗2009

▶

Debian

CVE-2009-2661: strongswan - The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and...↗2009

▶

💬Community

Bugzilla

CVE-2009-2185 Openswan ASN.1 parser vulnerability↗2009-06-22

▶