CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12823

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile27.78th
PublishedMay 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Affected Platforms (CPE)

πŸ“¦
Infradead

Openconnect

= 8.09
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Fedoraproject

Fedora

= 32
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Opensuse

Leap

= 15.2

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
πŸ”— https://bugs.gentoo.org/721570
πŸ”— https://gitlab.com/openconnect/openconnect/-/merge_requests/108
πŸ”— https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/

Related Vulnerabilities

CVE-2013-70989.8

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.

CVE-2021-458099.8

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Applicat...

CVE-2019-162399.8

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with cra...

CVE-2012-32917.8

Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.