openfortivpn Project openfortivpn 1.3.1

CPE Details

openfortivpn Project openfortivpn 1.3.1
openfortivpn_project
openfortivpn
1.3.1
2020-03-04
18h03 +00:00
2020-03-04
18h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openfortivpn_project:openfortivpn:1.3.1:*:*:*:*:*:*:*

Informations

Vendor

openfortivpn_project

Product

openfortivpn

Version

1.3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-7043 2020-02-27 16h30 +00:00 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.
9.1
Critical
CVE-2020-7042 2020-02-27 16h30 +00:00 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
5.3
Medium
CVE-2020-7041 2020-02-27 16h29 +00:00 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
5.3
Medium