CVE-2020-12105

Опубликовано: 23 апр. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html
Mailing List
Third Party Advisory
https://gitlab.com/openconnect/openconnect/-/merge_requests/96
Third Party Advisory
https://security.gentoo.org/glsa/202006-15
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html
Mailing List
Third Party Advisory
https://gitlab.com/openconnect/openconnect/-/merge_requests/96
Third Party Advisory
https://security.gentoo.org/glsa/202006-15
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*

Версия до 8.08 (включая)

Конфигурация 2

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00171

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-755

Связанные уязвимости

CVE-2020-12105

CVSS3: 5.9

ubuntu

почти 6 лет назад

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

CVE-2020-12105

CVSS3: 5.9

debian

почти 6 лет назад

OpenConnect through 8.08 mishandles negative return values from X509_c ...

openSUSE-SU-2020:0694-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

SUSE-SU-2020:1337-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

SUSE-SU-2020:1264-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

EPSS

Процентиль: 38%

0.00171

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-755