Vulnerabilities > Infradead > Openconnect > 4.03
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-23 | CVE-2020-12105 | Improper Handling of Exceptional Conditions vulnerability in multiple products OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. | 4.3 |
2020-02-13 | CVE-2013-7098 | Out-of-bounds Write vulnerability in Infradead Openconnect OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | 7.5 |
2019-09-17 | CVE-2019-16239 | Classic Buffer Overflow vulnerability in multiple products process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | 9.8 |
2013-02-24 | CVE-2012-6128 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Infradead Openconnect Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response. | 5.0 |