CVE-2012-6128

Published: 24/02/2013 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in http.c in OpenConnect prior to 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Vulnerable Product

infradead openconnect 3.16

infradead openconnect 3.15

infradead openconnect 3.00

infradead openconnect 2.26

infradead openconnect 2.12

infradead openconnect 2.11

infradead openconnect 1.00

infradead openconnect 3.17

infradead openconnect 4.02

infradead openconnect 3.02

infradead openconnect 3.01

infradead openconnect 2.21

infradead openconnect 2.20

infradead openconnect 1.20

infradead openconnect 1.10

infradead openconnect 4.00

infradead openconnect 4.01

infradead openconnect 3.14

infradead openconnect 3.13

infradead openconnect 2.25

infradead openconnect 2.24

infradead openconnect 2.10

infradead openconnect 2.01

infradead openconnect 2.00

infradead openconnect 3.18

infradead openconnect 3.19

infradead openconnect 4.04

infradead openconnect 4.05

infradead openconnect 3.12

infradead openconnect 3.11

infradead openconnect 2.23

infradead openconnect 2.22

infradead openconnect 1.40

infradead openconnect 1.30

infradead openconnect 3.20

infradead openconnect 3.99

infradead openconnect 4.06

infradead openconnect

infradead openconnect 4.03

Vendor Advisories

Debian Bug report logs - #700794: CVE-2012-6128: stack-based buffer overflow in OpenConnect. Package: openconnect; Maintainer for openconnect is Mike Miller <mtmiller@debian.org>; Source for openconnect is src:openconnect. Reported by: Mike Miller <mtmiller@ieee.org>. Date: Sun, 17 Feb 2013 15:51:01 ...
Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows. For the stable distribution (squeeze), this problem has been fixed in version 225-01+squeeze2. We recommend that you upgrade your openconnect packages ...