Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Feb 2013 20:52:22 +0100
From: Florian Weimer <>
Cc: Mike Miller <>
Subject: CVE request: openconnect buffer overflow

Kevin Cernekee discovered that a malicious VPN gateway can send a very
long hostname/path (for redirects) or cookie list (in general), which
OpenConnect will attempt to write on a fixed length buffer.

Upstream commit:


This needs a CVE name from 2012.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ