CVE-2020-7043

描述

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

受影響套件(1)

• Debian/openfortivpnfrom 0, < 1.12.0-1

CVSS 分數

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-7043