CVE-2019-16239

EPSS 8.53%
Veröffentlicht 17.09.2019 12:15:10
Zuletzt bearbeitet 21.11.2024 04:30:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Infradead ≫ Openconnect Version < 8.05

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.53%	0.921

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGBI2PNXYWWKLD2LXKFH6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WI7ZENFAWCHF2RU4NHPL2CU4WGZ4BNDJ/

https://seclists.org/bugtraq/2020/Jan/31

Third Party Advisory

Mailing List

https://t2.fi/schedule/2019/

Not Applicable

https://usn.ubuntu.com/4565-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4607

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-16239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16239

EUVD