Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Feb 2013 20:52:22 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Cc: Mike Miller <mtmiller@...e.org>
Subject: CVE request: openconnect buffer overflow

Kevin Cernekee discovered that a malicious VPN gateway can send a very
long hostname/path (for redirects) or cookie list (in general), which
OpenConnect will attempt to write on a fixed length buffer.

Upstream commit:

<http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491>

This needs a CVE name from 2012.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.