CVE-2020-7042

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).

Published: Feb 27, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7042
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-295
CWE-908

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
openfortivpn_project / openfortivpn	-	1.12.0
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x
fedoraproject / fedora	32	32.x
opensuse / leap	15.1	15.1.x
opensuse / backports_sle	15.0-sp1	15.0-sp1.x

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html
https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3
https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4
https://github.com/adrienverge/openfortivpn/issues/536
https://lists.fedoraproject.org/archives/list/[email protected]/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKNKSGBVYGRRVRLFEFBEKUEJYJR5LWOF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FF6HYIBREQGATRM5COF57MRQWKOKCWZ3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SRVVNXCNTNMPCIAZIVR4FAGYCSU53FNA/

Vulnerability Database

290,020

CVE-2020-7042