Medium severity5.3NVD Advisory· Published Feb 27, 2020· Updated Jun 17, 2026
CVE-2020-7042
CVE-2020-7042
Description
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- openfortivpn/openfortivpndescription
- Range: <1.11.0
- osv-coords3 versionspkg:rpm/opensuse/openfortivpn&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openfortivpn&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openfortivpn&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.12.0-lp151.2.5.1+ 2 more
- (no CPE)range: < 1.12.0-lp151.2.5.1
- (no CPE)range: < 1.17.1-1.1
- (no CPE)range: < 1.12.0-bp151.3.3.1
Patches
Vulnerability mechanics
References
8- github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3nvdPatchThird Party Advisory
- github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4nvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.htmlnvdMailing ListThird Party Advisory
- github.com/adrienverge/openfortivpn/issues/536nvdIssue TrackingThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/nvd
News mentions
0No linked articles in our index yet.