CVE-2012-6128

Severity: Unknown | EPSS: 2.65%

CVE-2012-6128 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response. EPSS estimates a 2.65% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Metrics

EPSS Probability: 2.65% (83.7th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor      Product       Versions
Infradead   Openconnect   <= 4.07
Infradead   Openconnect   1.00
Infradead   Openconnect   1.10
Infradead   Openconnect   1.20
Infradead   Openconnect   1.30
Infradead   Openconnect   1.40
Infradead   Openconnect   2.00
Infradead   Openconnect   2.01
Infradead   Openconnect   2.10
Infradead   Openconnect   2.11
Infradead   Openconnect   2.12
Infradead   Openconnect   2.20
Infradead   Openconnect   2.21
Infradead   Openconnect   2.22
Infradead   Openconnect   2.23
Infradead   Openconnect   2.24
Infradead   Openconnect   2.25
Infradead   Openconnect   2.26
Infradead   Openconnect   3.00
Infradead   Openconnect   3.01
Infradead   Openconnect   3.02
Infradead   Openconnect   3.11
Infradead   Openconnect   3.12
Infradead   Openconnect   3.13
Infradead   Openconnect   3.14
Infradead   Openconnect   3.15
Infradead   Openconnect   3.16
Infradead   Openconnect   3.17
Infradead   Openconnect   3.18
Infradead   Openconnect   3.19
Infradead   Openconnect   3.20
Infradead   Openconnect   3.99
Infradead   Openconnect   4.00
Infradead   Openconnect   4.01
Infradead   Openconnect   4.02
Infradead   Openconnect   4.03
Infradead   Openconnect   4.04
Infradead   Openconnect   4.05
Infradead   Openconnect   4.06

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2012-6128?
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.
How severe is CVE-2012-6128?
Severity scoring for CVE-2012-6128 is pending analysis. The EPSS model estimates a 2.65% probability of exploitation in the next 30 days.
How do I fix CVE-2012-6128?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST