CVE-2012-6128

Name of the Vulnerable Software and Affected Versions OpenConnect versions prior to 4.08

Description The issue is related to multiple stack-based buffer overflows in the http.c file of OpenConnect. These overflows can be triggered by remote VPN gateways sending responses with long hostnames, paths, or cookie lists, leading to a denial of service in the form of an application crash. The vulnerability can be exploited remotely and may result in the disruption of protected information availability.

Recommendations For OpenConnect versions prior to 4.08, update to version 4.08 or later to resolve the issue. As a temporary workaround, consider restricting the length of hostnames, paths, and cookie lists in responses from remote VPN gateways to prevent the buffer overflows.