CVE-2020-12823

CRITICAL9.8EPSS 1.9%

openconnect - security update

Published: 5/12/2020Modified: 3/9/2026

Also known as:DEBIAN-CVE-2020-12823DLA-2212-1

Description

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

Affected packages (2)

Debian/openconnectfrom 0, < 8.10-1
Debian/openconnectfrom 0, < 6.00-2+deb8u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-12823