← Back

Openfortivpn Project

openfortivpn_project

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Openfortivpn
openfortivpn
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7043
3Fedoraproject
Openfortivpn ProjectOpensuse
4Backports Sle
FedoraLeap+1 more
Nov 21, 2024
Feb 27, 2020
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.examp...Show more
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.Show less
CVE-2020-7042
3Fedoraproject
Openfortivpn ProjectOpensuse
4Backports Sle
FedoraLeap+1 more
Nov 21, 2024
Feb 27, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid ce...Show more
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).Show less
CVE-2020-7041
3Fedoraproject
Openfortivpn ProjectOpensuse
4Backports Sle
FedoraLeap+1 more
Nov 21, 2024
Feb 27, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.