CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2020-12823
https://notcve.org/view.php?id=CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. OpenConnect versión 8.09, presenta un desbordamiento del búfer, causando una denegación de servicio (bloqueo de aplicación) o posiblemente otro impacto no especificado, por medio de datos de certificado diseñados en la función get_cert_name en el archivo gnutls.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html https://bugs.gentoo.org/721570 https://gitlab.com/openconnect/openconnect/-/merge_requests/108 https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12105
https://notcve.org/view.php?id=CVE-2020-12105
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. OpenConnect versiones hasta 8.08, maneja inapropiadamente los valores de retorno negativos a partir de llamadas de la función X509_check_, lo que podría ayudar a atacantes a llevar a cabo ataques de tipo man-in-the-middle . • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html https://gitlab.com/openconnect/openconnect/-/merge_requests/96 https://security.gentoo.org/glsa/202006-15 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7098
https://notcve.org/view.php?id=CVE-2013-7098
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. El cliente OpenConnect VPN con GnuTLS versión anterior a 5.02, contiene un desbordamiento de la pila si la MTU se incrementa en la reconexión. • http://www.infradead.org/openconnect/changelog.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16239
https://notcve.org/view.php?id=CVE-2019-16239
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. La función process_http_response en OpenConnect versiones anteriores a 8.05, presenta un desbordamiento de búfer cuando un servidor malicioso utiliza la codificación fragmentada HTTP con tamaños de fragmento especialmente diseñados. • http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.0EPSS: 1%CPEs: 39EXPL: 0CVE-2012-6128
https://notcve.org/view.php?id=CVE-2012-6128
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response. Múltiples desbordamientos de búfer basados en pila en http.c en Openconnect anterior a v4.08 permite a gateways VPN remotos generar una denegación de servicio (caída de la aplicación) mediante un (1) hostname largo, (2) ruta, o (3) cookie en una respuesta. • http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491 http://lists.opensuse.org/opensuse-updates/2013-06/msg00115.html http://www.debian.org/security/2013/dsa-2623 http://www.infradead.org/openconnect/changelog.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:108 http://www.openwall.com/lists/oss-security/2013/02/12/7 http://www.securityfocus.com/bid/57884 https://exchange.xforce.ibmcloud.com/vulnerabilities/82058 https://wiki.mag • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •