PT-2010-1811 · Openconnect · Openconnect
Publicado
2010-10-12
·
Atualizado
2010-10-14
·
CVE-2009-5009
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
OpenConnect versions prior to 1.40
Description
A double free issue exists that might allow remote AnyConnect SSL VPN servers to cause a denial of service, potentially leading to an application crash, or possibly have other unspecified impacts. This occurs via a crafted DTLS Cipher option during a reconnect operation.
Recommendations
For versions prior to 1.40, update to version 1.40 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openconnect