CVE-2009-5009 — Double Free in Openconnect

CWE-3995 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 46.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Infradead Openconnect

Timeline

PublishedOct 14

Latest updateMay 2

Description

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianinfradead/openconnect< 1.40-1+3

▶NVDinfradead/openconnect1.30+3

🔴Vulnerability Details

GHSA

GHSA-ggcw-fq74-j5hg: Double free vulnerability in OpenConnect before 1↗2022-05-02

▶

OSV

CVE-2009-5009: Double free vulnerability in OpenConnect before 1↗2010-10-14

▶

CVEList

CVE-2009-5009: Double free vulnerability in OpenConnect before 1↗2010-10-12

▶

📋Vendor Advisories

Debian

CVE-2009-5009: openconnect - Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConne...↗2009

▶