CVE-2020-12823

Опубликовано: 12 мая 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
Mailing List
Third Party Advisory
https://bugs.gentoo.org/721570
Exploit
Third Party Advisory
https://gitlab.com/openconnect/openconnect/-/merge_requests/108
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
https://security.gentoo.org/glsa/202006-15
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
Mailing List
Third Party Advisory
https://bugs.gentoo.org/721570
Exploit
Third Party Advisory
https://gitlab.com/openconnect/openconnect/-/merge_requests/108
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
https://security.gentoo.org/glsa/202006-15
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infradead:openconnect:8.09:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01863

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

CVE-2020-12823

CVSS3: 9.8

ubuntu

больше 5 лет назад

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

CVE-2020-12823

CVSS3: 9.8

debian

больше 5 лет назад

OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...

openSUSE-SU-2020:1027-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

openSUSE-SU-2020:0997-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

SUSE-SU-2020:1930-1

suse-cvrf

больше 5 лет назад

Security update for openconnect

EPSS

Процентиль: 83%

0.01863

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120