CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3291

HIGH
7.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile43.89th
PublishedJun 7, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.

Affected Platforms (CPE)

πŸ“¦
Infradead

Openconnect

<= 3.17
πŸ“¦
Infradead

Openconnect

= 1.00
πŸ“¦
Infradead

Openconnect

= 1.10
πŸ“¦
Infradead

Openconnect

= 1.20
πŸ“¦
Infradead

Openconnect

= 1.30
πŸ“¦
Infradead

Openconnect

= 1.40
πŸ“¦
Infradead

Openconnect

= 2.00
πŸ“¦
Infradead

Openconnect

= 2.01
πŸ“¦
Infradead

Openconnect

= 2.10
πŸ“¦
Infradead

Openconnect

= 2.11
πŸ“¦
Infradead

Openconnect

= 2.12
πŸ“¦
Infradead

Openconnect

= 2.20
πŸ“¦
Infradead

Openconnect

= 2.21
πŸ“¦
Infradead

Openconnect

= 2.22
πŸ“¦
Infradead

Openconnect

= 2.23
πŸ“¦
Infradead

Openconnect

= 2.24
πŸ“¦
Infradead

Openconnect

= 2.25
πŸ“¦
Infradead

Openconnect

= 2.26
πŸ“¦
Infradead

Openconnect

= 3.00
πŸ“¦
Infradead

Openconnect

= 3.01
πŸ“¦
Infradead

Openconnect

= 3.02
πŸ“¦
Infradead

Openconnect

= 3.11
πŸ“¦
Infradead

Openconnect

= 3.12
πŸ“¦
Infradead

Openconnect

= 3.13
πŸ“¦
Infradead

Openconnect

= 3.14
πŸ“¦
Infradead

Openconnect

= 3.15
πŸ“¦
Infradead

Openconnect

= 3.16

References & Advisories

πŸ”— http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html
πŸ”— http://lists.opensuse.org/opensuse-updates/2013-06/msg00186.html
πŸ”— http://www.debian.org/security/2012/dsa-2495
πŸ”— http://www.infradead.org/openconnect/changelog.html
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17242
πŸ”— http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079747.html

Related Vulnerabilities

CVE-2019-162399.8

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with cra...

CVE-2020-128239.8

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via ...

CVE-2021-458099.8

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Applicat...

CVE-2013-70989.8

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.