Lucene search

K
nvd[email protected]NVD:CVE-2009-2185
HistoryJun 25, 2009 - 2:00 a.m.

CVE-2009-2185

2009-06-2502:00:00
CWE-20
web.nvd.nist.gov
3

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.075

Percentile

94.1%

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Affected configurations

Nvd
Node
strongswanstrongswanMatch2.8.0
OR
strongswanstrongswanMatch2.8.1
OR
strongswanstrongswanMatch2.8.2
OR
strongswanstrongswanMatch2.8.3
OR
strongswanstrongswanMatch2.8.4
OR
strongswanstrongswanMatch2.8.5
OR
strongswanstrongswanMatch2.8.6
OR
strongswanstrongswanMatch2.8.7
OR
strongswanstrongswanMatch2.8.8
OR
strongswanstrongswanMatch2.8.9
OR
strongswanstrongswanMatch2.8.10
OR
strongswanstrongswanMatch4.1
OR
strongswanstrongswanMatch4.2.0
OR
strongswanstrongswanMatch4.2.1
OR
strongswanstrongswanMatch4.2.2
OR
strongswanstrongswanMatch4.2.3
OR
strongswanstrongswanMatch4.2.4
OR
strongswanstrongswanMatch4.2.5
OR
strongswanstrongswanMatch4.2.6
OR
strongswanstrongswanMatch4.2.7
OR
strongswanstrongswanMatch4.2.8
OR
strongswanstrongswanMatch4.2.9
OR
strongswanstrongswanMatch4.2.10
OR
strongswanstrongswanMatch4.2.11
OR
strongswanstrongswanMatch4.2.12
OR
strongswanstrongswanMatch4.2.13
OR
strongswanstrongswanMatch4.2.14
OR
strongswanstrongswanMatch4.2.15
OR
strongswanstrongswanMatch4.3.0
OR
strongswanstrongswanMatch4.3.1
OR
xeleranceopenswanMatch2.4.0
OR
xeleranceopenswanMatch2.4.1
OR
xeleranceopenswanMatch2.4.2
OR
xeleranceopenswanMatch2.4.3
OR
xeleranceopenswanMatch2.4.4
OR
xeleranceopenswanMatch2.4.5
OR
xeleranceopenswanMatch2.4.9
OR
xeleranceopenswanMatch2.4.10
OR
xeleranceopenswanMatch2.6.03
OR
xeleranceopenswanMatch2.6.04
OR
xeleranceopenswanMatch2.6.05
OR
xeleranceopenswanMatch2.6.06
OR
xeleranceopenswanMatch2.6.07
OR
xeleranceopenswanMatch2.6.08
OR
xeleranceopenswanMatch2.6.09
OR
xeleranceopenswanMatch2.6.10
OR
xeleranceopenswanMatch2.6.11
OR
xeleranceopenswanMatch2.6.12
OR
xeleranceopenswanMatch2.6.13
OR
xeleranceopenswanMatch2.6.14
OR
xeleranceopenswanMatch2.6.15
OR
xeleranceopenswanMatch2.6.16
OR
xeleranceopenswanMatch2.6.17
OR
xeleranceopenswanMatch2.6.18
OR
xeleranceopenswanMatch2.6.19
OR
xeleranceopenswanMatch2.6.20
VendorProductVersionCPE
strongswanstrongswan2.8.0cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*
strongswanstrongswan2.8.1cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*
strongswanstrongswan2.8.2cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*
strongswanstrongswan2.8.3cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*
strongswanstrongswan2.8.4cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*
strongswanstrongswan2.8.5cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*
strongswanstrongswan2.8.6cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*
strongswanstrongswan2.8.7cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*
strongswanstrongswan2.8.8cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*
strongswanstrongswan2.8.9cpe:2.3:a:strongswan:strongswan:2.8.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 561

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.075

Percentile

94.1%