Lucene search

[email protected]NVD:CVE-2012-6128

HistoryFeb 24, 2013 - 7:55 p.m.

CVE-2012-6128

2013-02-2419:55:01

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

JSON

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Affected configurations

NVD

Node

infradeadopenconnectRange≤4.07

infradeadopenconnectMatch1.00

infradeadopenconnectMatch1.10

infradeadopenconnectMatch1.20

infradeadopenconnectMatch1.30

infradeadopenconnectMatch1.40

infradeadopenconnectMatch2.00

infradeadopenconnectMatch2.01

infradeadopenconnectMatch2.10

infradeadopenconnectMatch2.11

infradeadopenconnectMatch2.12

infradeadopenconnectMatch2.20

infradeadopenconnectMatch2.21

infradeadopenconnectMatch2.22

infradeadopenconnectMatch2.23

infradeadopenconnectMatch2.24

infradeadopenconnectMatch2.25

infradeadopenconnectMatch2.26

infradeadopenconnectMatch3.00

infradeadopenconnectMatch3.01

infradeadopenconnectMatch3.02

infradeadopenconnectMatch3.11

infradeadopenconnectMatch3.12

infradeadopenconnectMatch3.13

infradeadopenconnectMatch3.14

infradeadopenconnectMatch3.15

infradeadopenconnectMatch3.16

infradeadopenconnectMatch3.17

infradeadopenconnectMatch3.18

infradeadopenconnectMatch3.19

infradeadopenconnectMatch3.20

infradeadopenconnectMatch3.99

infradeadopenconnectMatch4.00

infradeadopenconnectMatch4.01

infradeadopenconnectMatch4.02

infradeadopenconnectMatch4.03

infradeadopenconnectMatch4.04

infradeadopenconnectMatch4.05

infradeadopenconnectMatch4.06

References

git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491

lists.opensuse.org/opensuse-updates/2013-06/msg00115.html

www.debian.org/security/2013/dsa-2623

www.infradead.org/openconnect/changelog.html

www.mandriva.com/security/advisories?name=MDVSA-2013:108

www.openwall.com/lists/oss-security/2013/02/12/7

www.securityfocus.com/bid/57884

exchange.xforce.ibmcloud.com/vulnerabilities/82058

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for NVD:CVE-2012-6128

securityvulns2 cve1 nessus6 openvas7 fedora2 debiancve1 prion1 cvelist1 gentoo1 debian1 ubuntucve1