CVE-2009-2185 [Medium] | Input Validation Bypass in Strongswan

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	8.23%	2.71%	-5.52%
2	2025-12-01	6.30%	8.23%	+1.93%
3	2025-03-30	—	6.30%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

8.23%

2.71%

-5.52%

2025-12-01

6.30%

8.23%

+1.93%

2025-03-30

—

6.30%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2009-2185

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2009-2185 not yet assigned priority: Debian including 1 source packages (strongswan), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2009-2185
`gentoo`	normal	CVE-2009-2185: 1 GLSA(s) (200909-05), 1 atom(s) (net-misc/openswan); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-2185
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2009-2185
`ubuntu`	medium	CVE-2009-2185 medium priority: Ubuntu including 2 source packages (openswan, strongswan), 20 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 9, ignored 5, released 4, DNE 1, needs-triage 1.	https://ubuntu.com/security/CVE-2009-2185

Affected software / configurations for CVE-2009-2185

Vendor	Product	Version	Raw CPE
strongswan	strongswan	2.8.0	cpe:2.3:a:strongswan:strongswan:2.8.0:::::::*
strongswan	strongswan	2.8.1	cpe:2.3:a:strongswan:strongswan:2.8.1:::::::*
strongswan	strongswan	2.8.2	cpe:2.3:a:strongswan:strongswan:2.8.2:::::::*
strongswan	strongswan	2.8.3	cpe:2.3:a:strongswan:strongswan:2.8.3:::::::*
strongswan	strongswan	2.8.4	cpe:2.3:a:strongswan:strongswan:2.8.4:::::::*
strongswan	strongswan	2.8.5	cpe:2.3:a:strongswan:strongswan:2.8.5:::::::*
strongswan	strongswan	2.8.6	cpe:2.3:a:strongswan:strongswan:2.8.6:::::::*
strongswan	strongswan	2.8.7	cpe:2.3:a:strongswan:strongswan:2.8.7:::::::*
strongswan	strongswan	2.8.8	cpe:2.3:a:strongswan:strongswan:2.8.8:::::::*
strongswan	strongswan	2.8.9	cpe:2.3:a:strongswan:strongswan:2.8.9:::::::*
strongswan	strongswan	2.8.10	cpe:2.3:a:strongswan:strongswan:2.8.10:::::::*
strongswan	strongswan	4.1	cpe:2.3:a:strongswan:strongswan:4.1:::::::*
strongswan	strongswan	4.2.0	cpe:2.3:a:strongswan:strongswan:4.2.0:::::::*
strongswan	strongswan	4.2.1	cpe:2.3:a:strongswan:strongswan:4.2.1:::::::*
strongswan	strongswan	4.2.2	cpe:2.3:a:strongswan:strongswan:4.2.2:::::::*
strongswan	strongswan	4.2.3	cpe:2.3:a:strongswan:strongswan:4.2.3:::::::*
strongswan	strongswan	4.2.4	cpe:2.3:a:strongswan:strongswan:4.2.4:::::::*
strongswan	strongswan	4.2.5	cpe:2.3:a:strongswan:strongswan:4.2.5:::::::*
strongswan	strongswan	4.2.6	cpe:2.3:a:strongswan:strongswan:4.2.6:::::::*
strongswan	strongswan	4.2.7	cpe:2.3:a:strongswan:strongswan:4.2.7:::::::*
strongswan	strongswan	4.2.8	cpe:2.3:a:strongswan:strongswan:4.2.8:::::::*
strongswan	strongswan	4.2.9	cpe:2.3:a:strongswan:strongswan:4.2.9:::::::*
strongswan	strongswan	4.2.10	cpe:2.3:a:strongswan:strongswan:4.2.10:::::::*
strongswan	strongswan	4.2.11	cpe:2.3:a:strongswan:strongswan:4.2.11:::::::*
strongswan	strongswan	4.2.12	cpe:2.3:a:strongswan:strongswan:4.2.12:::::::*
strongswan	strongswan	4.2.13	cpe:2.3:a:strongswan:strongswan:4.2.13:::::::*
strongswan	strongswan	4.2.14	cpe:2.3:a:strongswan:strongswan:4.2.14:::::::*
strongswan	strongswan	4.2.15	cpe:2.3:a:strongswan:strongswan:4.2.15:::::::*
strongswan	strongswan	4.3.0	cpe:2.3:a:strongswan:strongswan:4.3.0:::::::*
strongswan	strongswan	4.3.1	cpe:2.3:a:strongswan:strongswan:4.3.1:::::::*
xelerance	openswan	2.4.0	cpe:2.3:a:xelerance:openswan:2.4.0:::::::*
xelerance	openswan	2.4.1	cpe:2.3:a:xelerance:openswan:2.4.1:::::::*
xelerance	openswan	2.4.2	cpe:2.3:a:xelerance:openswan:2.4.2:::::::*
xelerance	openswan	2.4.3	cpe:2.3:a:xelerance:openswan:2.4.3:::::::*
xelerance	openswan	2.4.4	cpe:2.3:a:xelerance:openswan:2.4.4:::::::*
xelerance	openswan	2.4.5	cpe:2.3:a:xelerance:openswan:2.4.5:::::::*
xelerance	openswan	2.4.9	cpe:2.3:a:xelerance:openswan:2.4.9:::::::*
xelerance	openswan	2.4.10	cpe:2.3:a:xelerance:openswan:2.4.10:::::::*
xelerance	openswan	2.6.03	cpe:2.3:a:xelerance:openswan:2.6.03:::::::*
xelerance	openswan	2.6.04	cpe:2.3:a:xelerance:openswan:2.6.04:::::::*
xelerance	openswan	2.6.05	cpe:2.3:a:xelerance:openswan:2.6.05:::::::*
xelerance	openswan	2.6.06	cpe:2.3:a:xelerance:openswan:2.6.06:::::::*
xelerance	openswan	2.6.07	cpe:2.3:a:xelerance:openswan:2.6.07:::::::*
xelerance	openswan	2.6.08	cpe:2.3:a:xelerance:openswan:2.6.08:::::::*
xelerance	openswan	2.6.09	cpe:2.3:a:xelerance:openswan:2.6.09:::::::*
xelerance	openswan	2.6.10	cpe:2.3:a:xelerance:openswan:2.6.10:::::::*
xelerance	openswan	2.6.11	cpe:2.3:a:xelerance:openswan:2.6.11:::::::*
xelerance	openswan	2.6.12	cpe:2.3:a:xelerance:openswan:2.6.12:::::::*
xelerance	openswan	2.6.13	cpe:2.3:a:xelerance:openswan:2.6.13:::::::*
xelerance	openswan	2.6.14	cpe:2.3:a:xelerance:openswan:2.6.14:::::::*
xelerance	openswan	2.6.15	cpe:2.3:a:xelerance:openswan:2.6.15:::::::*
xelerance	openswan	2.6.16	cpe:2.3:a:xelerance:openswan:2.6.16:::::::*
xelerance	openswan	2.6.17	cpe:2.3:a:xelerance:openswan:2.6.17:::::::*
xelerance	openswan	2.6.18	cpe:2.3:a:xelerance:openswan:2.6.18:::::::*
xelerance	openswan	2.6.19	cpe:2.3:a:xelerance:openswan:2.6.19:::::::*
xelerance	openswan	2.6.20	cpe:2.3:a:xelerance:openswan:2.6.20:::::::*

References for CVE-2009-2185

URL	Tags
http://download.strongswan.org/CHANGES2.txt	Vendor Advisory
http://download.strongswan.org/CHANGES4.txt	Vendor Advisory
http://download.strongswan.org/CHANGES42.txt	Vendor Advisory
http://secunia.com/advisories/35522	Vendor Advisory
http://secunia.com/advisories/35698
http://secunia.com/advisories/35740
http://secunia.com/advisories/35804
http://secunia.com/advisories/36922
http://secunia.com/advisories/36950
http://secunia.com/advisories/37504
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.debian.org/security/2009/dsa-1898
http://www.debian.org/security/2009/dsa-1899
http://www.ingate.com/Relnote.php?ver=481
http://www.redhat.com/support/errata/RHSA-2009-1138.html
http://www.securityfocus.com/bid/35452	Patch
http://www.securitytracker.com/id?1022428
http://www.vupen.com/english/advisories/2009/1639	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1706
http://www.vupen.com/english/advisories/2009/1829
http://www.vupen.com/english/advisories/2009/3354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html

URL

CVE-2009-2185

Exploit prediction scoring system (EPSS) score for CVE-2009-2185

Common vulnerability scoring system (CVSS) metrics for CVE-2009-2185

Weakness enumeration for CVE-2009-2185

OS Trackers for CVE-2009-2185

Affected software / configurations for CVE-2009-2185

References for CVE-2009-2185