CVE-2020-7042

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:openfortivpn_project:openfortivpn:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-27 18:15

Updated : 2024-02-04 20:39


NVD link : CVE-2020-7042

Mitre link : CVE-2020-7042

CVE.ORG link : CVE-2020-7042


JSON object : View

Products Affected

openssl

  • openssl

opensuse

  • backports_sle
  • leap

fedoraproject

  • fedora

openfortivpn_project

  • openfortivpn
CWE
CWE-295

Improper Certificate Validation

CWE-908

Use of Uninitialized Resource