CVE-2012-3291: Improper Restriction of Operations within the Bounds of a Memory Buffer in Openconnect

Severity: 7.8 HIGH (NVD)
EPSS: 1.1% (top 21.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: published Jun 7; latest update May 14

Description

Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (2 packages)

Debian | infradead/openconnect | < 3.18-1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-6578-wffp-8556: Heap-based buffer overflow in OpenConnect 3 (2022-05-14)
OSV: CVE-2012-3291: Heap-based buffer overflow in OpenConnect 3 (2012-06-07)
CVEList: CVE-2012-3291: Heap-based buffer overflow in OpenConnect 3 (2012-06-07)

📋 Vendor Advisories (1)

Debian: CVE-2012-3291: openconnect - Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a ... (2012)