CVE-2012-6128
openconnect - buffer overflow
EPSS 0.97%
Description
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.
How to fix CVE-2012-6128
To remediate CVE-2012-6128, upgrade the affected package to one of the fixed versions listed below.
- Debian/openconnect—upgrade to 3.20-3 or later
- Debian/openconnect—upgrade to 2.25-0.1+squeeze2 or later
Is CVE-2012-6128 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/openconnect: from 0, < 3.20-3
- Debian/openconnect: from 0, < 2.25-0.1+squeeze2