openconnect: code execution
| Package(s): | openconnect | CVE #(s): | CVE-2012-6128 | ||||||||||||||||||||||||||||
| Created: | February 15, 2013 | Updated: | May 19, 2014 | ||||||||||||||||||||||||||||
| Description: | From the Mageia advisory: A stack-based buffer overflow flaw was found in the way OpenConnect, a client for Cisco's "AnyConnect" VPN, performed processing of certain host names, paths, or cookie lists, received from the VPN gateway. A remote VPN gateway could provide a specially-crafted host name, path or cookie list that, when processed by the openconnect client would lead to openconnect executable crash. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||