CVE-2020-12105

OpenConnect through 8.08 mishandles negative return values from X509check function calls, which might assist attackers in performing man-in-the-middle attacks.

References

Affected packages

Git / github.com/openconnect/openconnect

Affected ranges

Type

GIT

Repo

https://github.com/openconnect/openconnect

Events

Introduced

Last affected

a73743d13e4c75ea19635f8e725907b7cd8477f8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.08"
        }
    ]
}

Affected versions

v0.*

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.10

v1.20

v1.30

v1.40

v2.*

v2.00

v2.01

v2.10

v2.11

v2.12

v2.20

v2.21

v2.22

v2.23

v2.24

v2.25

v2.26

v3.*

v3.00

v3.01

v3.02

v3.10

v3.11

v3.12

v3.13

v3.14

v3.15

v3.16

v3.17

v3.18

v3.19

v3.20

v3.99

v4.*

v4.00

v4.01

v4.02

v4.03

v4.04

v4.05

v4.06

v4.07

v4.99

v5.*

v5.00

v5.01

v5.02

v5.03

v5.99

v6.*

v6.00

v7.*

v7.00

v7.01

v7.02

v7.03

v7.04

v7.05

v7.06

v7.07

v7.08

v8.*

v8.00

v8.01

v8.02

v8.03

v8.04

v8.05

v8.06

v8.07

v8.08

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12105.json"