rpm package
suse/openconnect&distro=SUSE Linux Enterprise Workstation Extension 12 SP5
pkg:rpm/suse/openconnect&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12823 | Cri | 9.8 | < 7.08-3.12.1 | 7.08-3.12.1 | May 12, 2020 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | |
| CVE-2020-12105 | Med | 5.9 | < 7.08-3.9.1 | 7.08-3.9.1 | Apr 23, 2020 | OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. | |
| CVE-2019-16239 | Cri | 9.8 | < 7.08-3.4.1 | 7.08-3.4.1 | Sep 17, 2019 | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. |
- affected < 7.08-3.12.1fixed 7.08-3.12.1
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
- affected < 7.08-3.9.1fixed 7.08-3.9.1
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
- affected < 7.08-3.4.1fixed 7.08-3.4.1
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.