CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12823

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 80.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
https://bugs.gentoo.org/721570
https://gitlab.com/openconnect/openconnect/-/merge_requests/108
https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
https://security.gentoo.org/glsa/202006-15
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
https://bugs.gentoo.org/721570
https://gitlab.com/openconnect/openconnect/-/merge_requests/108
https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
https://security.gentoo.org/glsa/202006-15

Products affected by CVE-2020-12823

Infradead » Openconnect » Version: 8.09

cpe:2.3:a:infradead:openconnect:8.09
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Fedoraproject » Fedora » Version: 30

cpe:2.3:o:fedoraproject:fedora:30
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31
Fedoraproject » Fedora » Version: 32

cpe:2.3:o:fedoraproject:fedora:32
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1
Opensuse » Leap » Version: 15.2

cpe:2.3:o:opensuse:leap:15.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12823

Products

Pricing

Contact Us