mailing list archives
CVE request: openconnect buffer overflow
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 11 Feb 2013 20:52:22 +0100
Kevin Cernekee discovered that a malicious VPN gateway can send a very
long hostname/path (for redirects) or cookie list (in general), which
OpenConnect will attempt to write on a fixed length buffer.
This needs a CVE name from 2012.
- CVE request: openconnect buffer overflow Florian Weimer (Feb 11)