Vulnerability Details : CVE-2012-6128
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2012-6128
- cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.14:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.26:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.16:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.13:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.23:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.11:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.17:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.02:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.18:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.19:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:3.99:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.06:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:4.03:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6128
1.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-6128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-6128
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6128
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/82058
OpenConnect VPN Gateway buffer overflow CVE-2012-6128 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2013/02/12/7
oss-security - Re: CVE request: openconnect buffer overflow
-
http://www.infradead.org/openconnect/changelog.html
OpenConnect VPN client.
-
http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
git.infradead.org Git - users/dwmw2/openconnect.git/commitdiffVendor Advisory
-
http://www.securityfocus.com/bid/57884
OpenConnect VPN Gateway Stack Based Buffer Overflow VulnerabilityVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:108
mandriva.com
-
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060
Support/Advisories/MGASA-2013-0060 - Mageia wiki
-
http://lists.opensuse.org/opensuse-updates/2013-06/msg00115.html
openSUSE-SU-2013:0979-1: moderate: update for openconnect
-
http://www.debian.org/security/2013/dsa-2623
Debian -- Security Information -- DSA-2623-1 openconnectVendor Advisory
Jump to