Unrated severityNVD Advisory· Published Aug 4, 2009· Updated Jun 16, 2026
CVE-2009-2661
CVE-2009-2661
Description
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*
- (no CPE)range: >=2.8,<2.8.11 || >=4.2,<4.2.17 || >=4.3,<4.3.3
Patches
Vulnerability mechanics
References
10- download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patchnvdPatch
- lists.strongswan.org/pipermail/announce/2009-July/000056.htmlnvdPatch
- download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patchnvd
- lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlnvd
- secunia.com/advisories/36922nvd
- up2date.astaro.com/2009/08/up2date_7505_released.htmlnvd
- www.debian.org/security/2009/dsa-1899nvd
- www.openwall.com/lists/oss-security/2009/07/27/1nvd
- www.vupen.com/english/advisories/2009/2247nvd
News mentions
0No linked articles in our index yet.