Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: openconnect buffer overflow
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 11 Feb 2013 20:52:22 +0100

Kevin Cernekee discovered that a malicious VPN gateway can send a very
long hostname/path (for redirects) or cookie list (in general), which
OpenConnect will attempt to write on a fixed length buffer.

Upstream commit:

<http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491>

This needs a CVE name from 2012.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault