CVE-2020-12823

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to getcertname in gnutls.c.

References

Affected packages

Debian:11 / openconnect

Package

Name: openconnect
Purl: pkg:deb/debian/openconnect?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / openconnect

Package

Name: openconnect
Purl: pkg:deb/debian/openconnect?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / openconnect

Package

Name: openconnect
Purl: pkg:deb/debian/openconnect?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/openconnect/openconnect

Affected ranges

Type: GIT
Repo: https://github.com/openconnect/openconnect
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

946ebe7fbb124877f86dbca88dcdcfb889f7058f

Affected versions

v0.*

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.10

v1.20

v1.30

v1.40

v2.*

v2.00

v2.01

v2.10

v2.11

v2.12

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v3.*

v3.00

v3.01

v3.02

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.08

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.99

v6.*

v6.00

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

v8.09