Vulnerabilities > CVE-2009-5009 - Resource Management Errors vulnerability in Infradead Openconnect

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

infradead

CWE-399

NVD

Published: 2010-10-14

Updated: 2010-10-14

Summary

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.

Vulnerable Configurations

Part	Description	Count
Application	Infradead Infradead Openconnect 1.00 Infradead Openconnect 1.10 Infradead Openconnect 1.20 Infradead Openconnect 1.30	4

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.infradead.org/openconnect.html