- Description
- Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-399
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5CB7638-93B0-4441-822D-729FB7540F8E",
"versionEndIncluding": "1.30"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67DF6A41-F66A-4988-8852-08B0F8409185"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13B5B9C7-3D91-4A40-BEE2-F1BEF2857C4F"
},
{
"criteria": "cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFF4C32E-4053-4968-B2E7-C821908B3017"
}
],
"operator": "OR"
}
]
}
]