Infradead: >> Openconnect >> 4.01 Security Vulnerabilities
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-04-23
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-02-13
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVSS Score
9.8
EPSS Score
0.048
Published
2019-09-17
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.
CVSS Score
5.0
EPSS Score
0.01
Published
2013-02-24