CPE Details
infradead OpenConnect 3.01
3.01
2012-06-08
14h50 +00:00
14h50 +00:00
2012-06-29
12h55 +00:00
12h55 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:infradead:openconnect:3.01:*:*:*:*:*:*:*
Informations
Vendor
infradeadProduct
openconnectVersion
3.01Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. | 5.9 |
Medium |
||
| OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | 9.8 |
Critical |
||
| process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | 9.8 |
Critical |
||
| Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response. | 5 |
|||
| Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. | 7.8 |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.