[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-16239Date: (C)2019-09-18   (M)2024-04-26


process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2020/Jan/31
DSA-4607
FEDORA-2019-1caffa01f2
FEDORA-2019-4c0d6e1784
FEDORA-2019-6969467639
USN-4565-1
https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html
http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html
https://t2.fi/schedule/2019/
openSUSE-SU-2019:2385
openSUSE-SU-2019:2388

CPE    41
cpe:/a:infradead:openconnect:3.02
cpe:/a:infradead:openconnect:3.01
cpe:/a:infradead:openconnect:3.00
cpe:/a:infradead:openconnect:1.20
...
CWE    1
CWE-120
OVAL    8
oval:org.secpod.oval:def:67159
oval:org.secpod.oval:def:61492
oval:org.secpod.oval:def:117114
oval:org.secpod.oval:def:117112
...

© SecPod Technologies