CVE-2019-16239

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16239

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16239.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-16239

Downstream

DEBIAN-CVE-2019-16239

DLA-1945-1

DSA-4607-1

SUSE-SU-2019:2737-1

SUSE-SU-2019:2744-1

SUSE-SU-2019:2744-2

UBUNTU-CVE-2019-16239

USN-4565-1

openSUSE-SU-2019:2385-1

openSUSE-SU-2019:2388-1

openSUSE-SU-2024:13322-1

Related

Published

2019-09-17T12:15:10.560Z

Modified

2025-11-14T09:20:35.546047Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

processhttpresponse in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

References

Affected packages

Git / github.com/openconnect/openconnect

Affected ranges

Type: GIT
Repo: https://github.com/openconnect/openconnect
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7980a733f52031c369594318956bb1f1767762e3

Affected versions

v0.*

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.10

v1.20

v1.30

v1.40

v2.*

v2.00

v2.01

v2.10

v2.11

v2.12

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v3.*

v3.00

v3.01

v3.02

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.99

v6.*

v6.00

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16239.json"