CVE-2009-2185 [中] | Input Validation Bypass（Strongswan）

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2026-06-15	8.23%	2.71%	-5.52%
2	2025-12-01	6.30%	8.23%	+1.93%
3	2025-03-30	—	6.30%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2026-06-15

8.23%

2.71%

-5.52%

2025-12-01

6.30%

8.23%

+1.93%

2025-03-30

—

6.30%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:L) 手順が短く、再現性が高い。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:N) 機密性は損なわれない。完全性への影響 (I:N) 完全性は損なわれない。可用性への影響 (A:P) 可用性は部分的に損なわれる。	10.0	2.9	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L): 手順が短く、再現性が高い。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:N): 機密性は損なわれない。
完全性への影響 (I:N): 完全性は損なわれない。
可用性への影響 (A:P): 可用性は部分的に損なわれる。

10.0

2.9

[email protected]

CVE-2009-2185 の OS トラッカー

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2009-2185 not yet assigned priority: Debian including 1 source packages (strongswan), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2009-2185
`gentoo`	normal	CVE-2009-2185: 1 GLSA(s) (200909-05), 1 atom(s) (net-misc/openswan); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-2185
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2009-2185
`ubuntu`	medium	CVE-2009-2185 medium priority: Ubuntu including 2 source packages (openswan, strongswan), 20 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 9, ignored 5, released 4, DNE 1, needs-triage 1.	https://ubuntu.com/security/CVE-2009-2185

CVE-2009-2185 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
strongswan	strongswan	2.8.0	cpe:2.3:a:strongswan:strongswan:2.8.0:::::::*
strongswan	strongswan	2.8.1	cpe:2.3:a:strongswan:strongswan:2.8.1:::::::*
strongswan	strongswan	2.8.2	cpe:2.3:a:strongswan:strongswan:2.8.2:::::::*
strongswan	strongswan	2.8.3	cpe:2.3:a:strongswan:strongswan:2.8.3:::::::*
strongswan	strongswan	2.8.4	cpe:2.3:a:strongswan:strongswan:2.8.4:::::::*
strongswan	strongswan	2.8.5	cpe:2.3:a:strongswan:strongswan:2.8.5:::::::*
strongswan	strongswan	2.8.6	cpe:2.3:a:strongswan:strongswan:2.8.6:::::::*
strongswan	strongswan	2.8.7	cpe:2.3:a:strongswan:strongswan:2.8.7:::::::*
strongswan	strongswan	2.8.8	cpe:2.3:a:strongswan:strongswan:2.8.8:::::::*
strongswan	strongswan	2.8.9	cpe:2.3:a:strongswan:strongswan:2.8.9:::::::*
strongswan	strongswan	2.8.10	cpe:2.3:a:strongswan:strongswan:2.8.10:::::::*
strongswan	strongswan	4.1	cpe:2.3:a:strongswan:strongswan:4.1:::::::*
strongswan	strongswan	4.2.0	cpe:2.3:a:strongswan:strongswan:4.2.0:::::::*
strongswan	strongswan	4.2.1	cpe:2.3:a:strongswan:strongswan:4.2.1:::::::*
strongswan	strongswan	4.2.2	cpe:2.3:a:strongswan:strongswan:4.2.2:::::::*
strongswan	strongswan	4.2.3	cpe:2.3:a:strongswan:strongswan:4.2.3:::::::*
strongswan	strongswan	4.2.4	cpe:2.3:a:strongswan:strongswan:4.2.4:::::::*
strongswan	strongswan	4.2.5	cpe:2.3:a:strongswan:strongswan:4.2.5:::::::*
strongswan	strongswan	4.2.6	cpe:2.3:a:strongswan:strongswan:4.2.6:::::::*
strongswan	strongswan	4.2.7	cpe:2.3:a:strongswan:strongswan:4.2.7:::::::*
strongswan	strongswan	4.2.8	cpe:2.3:a:strongswan:strongswan:4.2.8:::::::*
strongswan	strongswan	4.2.9	cpe:2.3:a:strongswan:strongswan:4.2.9:::::::*
strongswan	strongswan	4.2.10	cpe:2.3:a:strongswan:strongswan:4.2.10:::::::*
strongswan	strongswan	4.2.11	cpe:2.3:a:strongswan:strongswan:4.2.11:::::::*
strongswan	strongswan	4.2.12	cpe:2.3:a:strongswan:strongswan:4.2.12:::::::*
strongswan	strongswan	4.2.13	cpe:2.3:a:strongswan:strongswan:4.2.13:::::::*
strongswan	strongswan	4.2.14	cpe:2.3:a:strongswan:strongswan:4.2.14:::::::*
strongswan	strongswan	4.2.15	cpe:2.3:a:strongswan:strongswan:4.2.15:::::::*
strongswan	strongswan	4.3.0	cpe:2.3:a:strongswan:strongswan:4.3.0:::::::*
strongswan	strongswan	4.3.1	cpe:2.3:a:strongswan:strongswan:4.3.1:::::::*
xelerance	openswan	2.4.0	cpe:2.3:a:xelerance:openswan:2.4.0:::::::*
xelerance	openswan	2.4.1	cpe:2.3:a:xelerance:openswan:2.4.1:::::::*
xelerance	openswan	2.4.2	cpe:2.3:a:xelerance:openswan:2.4.2:::::::*
xelerance	openswan	2.4.3	cpe:2.3:a:xelerance:openswan:2.4.3:::::::*
xelerance	openswan	2.4.4	cpe:2.3:a:xelerance:openswan:2.4.4:::::::*
xelerance	openswan	2.4.5	cpe:2.3:a:xelerance:openswan:2.4.5:::::::*
xelerance	openswan	2.4.9	cpe:2.3:a:xelerance:openswan:2.4.9:::::::*
xelerance	openswan	2.4.10	cpe:2.3:a:xelerance:openswan:2.4.10:::::::*
xelerance	openswan	2.6.03	cpe:2.3:a:xelerance:openswan:2.6.03:::::::*
xelerance	openswan	2.6.04	cpe:2.3:a:xelerance:openswan:2.6.04:::::::*
xelerance	openswan	2.6.05	cpe:2.3:a:xelerance:openswan:2.6.05:::::::*
xelerance	openswan	2.6.06	cpe:2.3:a:xelerance:openswan:2.6.06:::::::*
xelerance	openswan	2.6.07	cpe:2.3:a:xelerance:openswan:2.6.07:::::::*
xelerance	openswan	2.6.08	cpe:2.3:a:xelerance:openswan:2.6.08:::::::*
xelerance	openswan	2.6.09	cpe:2.3:a:xelerance:openswan:2.6.09:::::::*
xelerance	openswan	2.6.10	cpe:2.3:a:xelerance:openswan:2.6.10:::::::*
xelerance	openswan	2.6.11	cpe:2.3:a:xelerance:openswan:2.6.11:::::::*
xelerance	openswan	2.6.12	cpe:2.3:a:xelerance:openswan:2.6.12:::::::*
xelerance	openswan	2.6.13	cpe:2.3:a:xelerance:openswan:2.6.13:::::::*
xelerance	openswan	2.6.14	cpe:2.3:a:xelerance:openswan:2.6.14:::::::*
xelerance	openswan	2.6.15	cpe:2.3:a:xelerance:openswan:2.6.15:::::::*
xelerance	openswan	2.6.16	cpe:2.3:a:xelerance:openswan:2.6.16:::::::*
xelerance	openswan	2.6.17	cpe:2.3:a:xelerance:openswan:2.6.17:::::::*
xelerance	openswan	2.6.18	cpe:2.3:a:xelerance:openswan:2.6.18:::::::*
xelerance	openswan	2.6.19	cpe:2.3:a:xelerance:openswan:2.6.19:::::::*
xelerance	openswan	2.6.20	cpe:2.3:a:xelerance:openswan:2.6.20:::::::*

CVE-2009-2185 の参考情報

URL	タグ
http://download.strongswan.org/CHANGES2.txt	Vendor Advisory
http://download.strongswan.org/CHANGES4.txt	Vendor Advisory
http://download.strongswan.org/CHANGES42.txt	Vendor Advisory
http://secunia.com/advisories/35522	Vendor Advisory
http://secunia.com/advisories/35698
http://secunia.com/advisories/35740
http://secunia.com/advisories/35804
http://secunia.com/advisories/36922
http://secunia.com/advisories/36950
http://secunia.com/advisories/37504
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.debian.org/security/2009/dsa-1898
http://www.debian.org/security/2009/dsa-1899
http://www.ingate.com/Relnote.php?ver=481
http://www.redhat.com/support/errata/RHSA-2009-1138.html
http://www.securityfocus.com/bid/35452	Patch
http://www.securitytracker.com/id?1022428
http://www.vupen.com/english/advisories/2009/1639	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1706
http://www.vupen.com/english/advisories/2009/1829
http://www.vupen.com/english/advisories/2009/3354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html

URL

タグ

http://download.strongswan.org/CHANGES2.txt

Vendor Advisory

http://download.strongswan.org/CHANGES4.txt

Vendor Advisory

http://download.strongswan.org/CHANGES42.txt

Vendor Advisory

http://secunia.com/advisories/35522

Vendor Advisory

http://secunia.com/advisories/35698

http://secunia.com/advisories/35740