CVE-2020-12823

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1360%

EPSS Percentile27.78th

Published2020年5月12日

Last Modified2024年11月21日

Vulnerability Description

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Affected Platforms (CPE)

📦

Infradead

Openconnect

= 8.09

💻

Fedoraproject

Fedora

= 30

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

💻

Debian

Debian Linux

= 8.0

💻

Opensuse

Leap

= 15.1

💻

Opensuse

Leap

= 15.2

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html

🔗 https://bugs.gentoo.org/721570

🔗 https://gitlab.com/openconnect/openconnect/-/merge_requests/108

🔗 https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/

Vulnerability Description

Affected Platforms (CPE)

Openconnect

Fedora

Fedora

Fedora

Debian Linux

Leap

Leap

References & Advisories

関連する脆弱性情報