CVE-2020-7043

critical

Description

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

References

Advisories

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/

https://github.com/adrienverge/openfortivpn/issues/536

https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4

https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html

Details

Source: Mitre, NVD

Published: 2020-02-27

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00468