Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openfortivpn
(Openfortivpn_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-27 | CVE-2020-7041 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | Fedora, Openfortivpn, Backports_sle, Leap | 5.3 | ||
| 2020-02-27 | CVE-2020-7042 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | Fedora, Openfortivpn, Backports_sle, Leap | 5.3 | ||
| 2020-02-27 | CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | Fedora, Openfortivpn, Backports_sle, Leap | 9.1 |