Critical severity9.8NVD Advisory· Published May 12, 2020· Updated Jun 17, 2026
CVE-2020-12823
CVE-2020-12823
Description
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19- OpenConnect/OpenConnectdescription
- Range: =8.09
- osv-coords17 versionspkg:rpm/opensuse/oath-toolkit&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/openconnect&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openconnect&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/openconnect&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/openconnect&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/stoken&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/oath-toolkit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/stoken&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/stoken&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 2.6.2-150000.3.5.1+ 16 more
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 7.08-lp151.6.9.1
- (no CPE)range: < 7.08-lp152.9.4.2
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 8.10-2.6
- (no CPE)range: < 0.81-150400.13.2.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 2.6.2-150000.3.5.1
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 7.08-3.12.1
- (no CPE)range: < 7.08-3.12.1
- (no CPE)range: < 7.08-6.9.1
- (no CPE)range: < 7.08-6.9.1
- (no CPE)range: < 9.12-150400.15.3.1
- (no CPE)range: < 0.81-150400.13.2.1
- (no CPE)range: < 0.81-150400.13.2.1
Patches
Vulnerability mechanics
References
9- gitlab.com/openconnect/openconnect/-/merge_requests/108nvdPatchThird Party Advisory
- bugs.gentoo.org/721570nvdExploitThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/05/msg00015.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202006-15nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/nvd
News mentions
0No linked articles in our index yet.