CVE-2013-7098: Out-of-bounds Write in Openconnect

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.7% (top 28.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 13
Latest update: May 5

Description

OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian infradead/openconnect < 5.02-1+3

🔴 Vulnerability Details (3)

GHSA
GHSA-5fg5-5jx7-ph2f: OpenConnect VPN client with GnuTLS before 5 (2022-05-05)
CVEList
CVE-2013-7098: OpenConnect VPN client with GnuTLS before 5 (2020-02-13)
OSV
CVE-2013-7098: OpenConnect VPN client with GnuTLS before 5 (2020-02-13)

📋 Vendor Advisories (1)

Debian
CVE-2013-7098: openconnect - OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU i... (2013)

💬 Community (1)

Bugzilla
CVE-2013-7098 openconnect: heap-based buffer overflow if MTU is increased on reconnection (2020-02-21)