Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server , can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.