CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.

Published: Feb 24, 2013
Updated: Nov 9, 2025
CVE: CVE-2012-6128
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
infradead / openconnect	3.99	3.99.x
infradead / openconnect	2.22	2.22.x
infradead / openconnect	3.14	3.14.x
infradead / openconnect	3.13	3.13.x
infradead / openconnect	3.02	3.02.x
infradead / openconnect	3.16	3.16.x
infradead / openconnect	1.40	1.40.x
infradead / openconnect	4.01	4.01.x
infradead / openconnect	1.00	1.00.x
infradead / openconnect	3.15	3.15.x
infradead / openconnect	1.30	1.30.x
infradead / openconnect	2.24	2.24.x
infradead / openconnect	2.00	2.00.x
infradead / openconnect	2.21	2.21.x
infradead / openconnect	4.02	4.02.x
infradead / openconnect	2.23	2.23.x
infradead / openconnect	2.11	2.11.x
infradead / openconnect	1.10	1.10.x
infradead / openconnect	3.18	3.18.x
infradead / openconnect	4.03	4.03.x
infradead / openconnect	2.26	2.26.x
infradead / openconnect	3.20	3.20.x
infradead / openconnect	4.06	4.06.x
infradead / openconnect	3.11	3.11.x
infradead / openconnect	3.17	3.17.x
infradead / openconnect	2.10	2.10.x
infradead / openconnect	-	4.07.x
infradead / openconnect	3.00	3.00.x
infradead / openconnect	2.01	2.01.x
infradead / openconnect	4.04	4.04.x
infradead / openconnect	2.12	2.12.x
infradead / openconnect	4.00	4.00.x
infradead / openconnect	3.01	3.01.x
infradead / openconnect	2.20	2.20.x
infradead / openconnect	3.12	3.12.x
infradead / openconnect	4.05	4.05.x
infradead / openconnect	3.19	3.19.x
infradead / openconnect	2.25	2.25.x
infradead / openconnect	1.20	1.20.x

Vulnerability Database

300,445

CVE-2012-6128

Deep Security Visibility Without the Complexity