CVE-2020-12105

Description

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

Risk Information

Base Score

5.9

MODERATE

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.171

Associated Vulnerability

Vulnerability	OS Platform
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) liboath0-2.6.2-150000.3.5.1.x86_64.rpm	Linux
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) liboath-devel-2.6.2-150000.3.5.1.x86_64.rpm	Linux
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) oath-toolkit-xml-2.6.2-150000.3.5.1.noarch.rpm	Linux
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) liboath0-debuginfo-2.6.2-150000.3.5.1.x86_64.rpm	Linux
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) oath-toolkit-debuginfo-2.6.2-150000.3.5.1.x86_64.rpm	Linux
SUSE-SU-2024:0317-1(Basesystem Module 15-SP5) oath-toolkit-debugsource-2.6.2-150000.3.5.1.x86_64.rpm	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234