Medium severity5.9NVD Advisory· Published Apr 23, 2020· Updated Jun 17, 2026
CVE-2020-12105
CVE-2020-12105
Description
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- OpenConnect/OpenConnectdescription
- Range: <=8.08
- osv-coords15 versionspkg:rpm/opensuse/oath-toolkit&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/openconnect&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openconnect&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/openconnect&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/stoken&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/stoken&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/stoken&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 2.6.2-150000.3.5.1+ 14 more
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 7.08-lp151.6.6.1
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 8.10-2.6
- (no CPE)range: < 0.81-150400.13.2.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 7.08-3.9.1
- (no CPE)range: < 7.08-3.9.1
- (no CPE)range: < 7.08-6.6.1
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 0.81-150400.13.2.1
- (no CPE)range: < 0.81-150400.13.2.1
Patches
Vulnerability mechanics
References
3- lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.htmlnvdMailing ListThird Party Advisory
- gitlab.com/openconnect/openconnect/-/merge_requests/96nvdThird Party Advisory
- security.gentoo.org/glsa/202006-15nvdThird Party Advisory
News mentions
0No linked articles in our index yet.