CVE-2012-6128

2013-02-2419:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

openconnect

buffer overflow

denial of service

nvd

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

CPENameOperatorVersion
infradead:openconnectinfradead openconnecteq3.99
infradead:openconnectinfradead openconnecteq2.22
infradead:openconnectinfradead openconnecteq3.14
infradead:openconnectinfradead openconnecteq3.13
infradead:openconnectinfradead openconnecteq3.02
infradead:openconnectinfradead openconnecteq3.16
infradead:openconnectinfradead openconnecteq1.40
infradead:openconnectinfradead openconnecteq4.01
infradead:openconnectinfradead openconnecteq1.00
infradead:openconnectinfradead openconnecteq3.15

CPE	Name	Operator	Version
infradead:openconnect	infradead openconnect	eq	3.99
infradead:openconnect	infradead openconnect	eq	2.22
infradead:openconnect	infradead openconnect	eq	3.14
infradead:openconnect	infradead openconnect	eq	3.13
infradead:openconnect	infradead openconnect	eq	3.02
infradead:openconnect	infradead openconnect	eq	3.16
infradead:openconnect	infradead openconnect	eq	1.40
infradead:openconnect	infradead openconnect	eq	4.01
infradead:openconnect	infradead openconnect	eq	1.00
infradead:openconnect	infradead openconnect	eq	3.15