CVE-2020-7042
published 2020-02-27CVE-2020-7042: An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openfortivpn | < openfortivpn 1.12.0-1 (bookworm) | openfortivpn 1.12.0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| openfortivpn_project | openfortivpn | < 1.12.0 | 1.12.0 |
| openfortivpn_project | openfortivpn | >= 0 < 1.12.0-1 | 1.12.0-1 |
| openfortivpn_project | openfortivpn | >= 0 < 1.12.0-1 | 1.12.0-1 |
| openfortivpn_project | openfortivpn | >= 0 < 1.12.0-1 | 1.12.0-1 |
| openfortivpn_project | openfortivpn | >= 0 < 1.12.0-1 | 1.12.0-1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv5.3MEDIUM