Vulnerability Name: CVE-2013-7098 (CCN-177077)

Assigned: 2013-12-13
Published: 2013-12-13
Updated: 2020-02-20
Summary: OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2013-7098

Source: CCN
Type: Infradead Web site
OpenConnect VPN client

Source: CONFIRM
Type: Vendor Advisory
http://www.infradead.org/openconnect/changelog.html

Source: XF
Type: UNKNOWN
openconnect-cve20137098-bo(177077)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:infradead:openconnect:*:*:*:*:*:*:*:* (Version < 5.02)

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20137098 | V | CVE-2013-7098 | 2022-09-02
oval:org.opensuse.security:def:6340 | P | Security update for python (Important) | 2022-07-04
oval:org.opensuse.security:def:123887 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:1172 | P | Security update for libarchive (Moderate) | 2022-05-23
oval:org.opensuse.security:def:6183 | P | Security update for the Linux Kernel (Important) | 2022-04-07
oval:org.opensuse.security:def:6191 | P | Security update for flac (Moderate) | 2022-03-14
oval:org.opensuse.security:def:113057 | P | openconnect-7.07-1.3 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:6491 | P | Security update for the Linux Kernel (Important) (in QA) | 2022-01-07
oval:org.opensuse.security:def:6259 | P | Security update for openssh (Important) | 2021-12-06
oval:org.opensuse.security:def:64800 | P | Security update for java-11-openjdk (Important) | 2021-11-16
oval:org.opensuse.security:def:6306 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:6213 | P | Security update for dnsmasq (Moderate) | 2021-10-27
oval:org.opensuse.security:def:55260 | P | Security update for postgresql10 (Important) | 2021-10-20
oval:org.opensuse.security:def:11140 | P | Security update for mbedtls (Moderate) | 2021-10-20
oval:org.opensuse.security:def:1132 | P | Security update for go1.17 (Moderate) | 2021-10-20
oval:org.opensuse.security:def:6482 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:106497 | P | openconnect-7.07-1.3 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:71387 | P | rpcbind-0.2.3-5.3.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:7164 | P | Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP2) (Important) | 2021-09-16
oval:org.opensuse.security:def:11116 | P | Security update for libhts (Low) | 2021-08-22
oval:org.opensuse.security:def:11115 | P | Security update for prosody (Moderate) | 2021-08-21
oval:org.opensuse.security:def:68047 | P | Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1) (Important) | 2021-08-17
oval:org.opensuse.security:def:47789 | P | libsrtp1-1.5.2-3.2.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48354 | P | yast2-users-3.2.19-1.16 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47708 | P | libgc1-7.2d-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48246 | P | ntp-4.2.8p13-85.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47653 | P | java-1_8_0-openjdk-1.8.0.181-27.26.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47982 | P | cups-1.7.5-20.23.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47829 | P | mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47693 | P | libarchive13-3.1.2-25.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47654 | P | kbd-2.0.4-8.10.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48114 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48022 | P | gnome-keyring-3.20.0-28.3.18 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47668 | P | libQt5WebKit5-5.6.2-1.31 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48206 | P | libthai-data-0.1.25-4.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47694 | P | libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48154 | P | libncurses5-32bit-5.9-64.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:1727 | P | libtag-devel-1.11.1-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:7142 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP2) (Important) | 2021-07-28
oval:org.opensuse.security:def:11103 | P | Security update for icinga2 (Moderate) | 2021-07-19
oval:org.opensuse.security:def:11094 | P | Security update for live555 (Moderate) | 2021-07-08
oval:org.opensuse.security:def:6473 | P | Security update for the Linux Kernel (Important) | 2021-06-28
oval:org.opensuse.security:def:38076 | P | Security update for arpwatch (Important) | 2021-06-28
oval:org.opensuse.security:def:1767 | P | Security update for the Linux Kernel (Important) | 2021-06-28
oval:org.opensuse.security:def:64713 | P | Security update for the Linux Kernel (Important) | 2021-06-15
oval:org.opensuse.security:def:48921 | P | libcares2-32bit-1.9.1-9.4.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11842 | P | kdump-0.8.15-28.5 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:63558 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:17290 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48779 | P | imobiledevice-tools-1.2.0-7.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48714 | P | cyrus-sasl-digestmd5-32bit-2.1.26-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:124751 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:77968 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48568 | P | libvte9-0.28.2-19.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48394 | P | cups-filters-1.0.58-13.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48810 | P | libwmf-0_2-7-0.2.8.4-242.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48819 | P | typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11776 | P | cpio-2.11-29.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48754 | P | pulseaudio-module-bluetooth-5.0-2.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48652 | P | xlockmore-5.43-5.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48959 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48608 | P | python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48881 | P | pulseaudio-module-bluetooth-5.0-4.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2469 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48850 | P | libcares2-32bit-1.9.1-5.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11864 | P | libXt6-1.1.4-3.59 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48692 | P | libraw9-0.15.4-3.88 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11754 | P | ImageMagick-6.8.8.1-33.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12672 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11204 | P | Security update for nim (Moderate) | 2021-04-29
oval:org.opensuse.security:def:68147 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP2) (Important) | 2021-04-07
oval:org.opensuse.security:def:6321 | P | Security update for evolution-data-server (Moderate) | 2021-03-19
oval:org.opensuse.security:def:11182 | P | Security update for python-djangorestframework (Important) | 2021-02-25
oval:org.opensuse.security:def:11191 | P | Security update for chromium (Important) | 2021-01-11
oval:org.opensuse.security:def:6440 | P | Security update for the Linux Kernel (Important) | 2020-12-10
oval:org.opensuse.security:def:11027 | P | Security update for minidlna (Moderate) | 2020-12-10
oval:org.opensuse.security:def:6415 | P | Security update for the Linux Kernel (Important) | 2020-12-09
oval:org.opensuse.security:def:2509 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63598 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:17378 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103782 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:90127 | P | openconnect-7.08-4.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49047 | P | openconnect-7.08-1.27 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71500 | P | grep-3.1-4.3.12 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:52483 | P | Security update for tomcat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53140 | P | Security update for salt (Critical) | 2020-12-01
oval:org.opensuse.security:def:38432 | P | pam_krb5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37597 | P | libtirpc-netconfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37929 | P | libopenssl-1_0_0-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38295 | P | libgraphite2-3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37916 | P | libmicrohttpd10 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38324 | P | libmms0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6504 | P | rtkit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55334 | P | openconnect on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50154 | P | libavcodec-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10918 | P | gc-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11052 | P | libptexenc1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38455 | P | python-PyYAML on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10795 | P | libssh2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10959 | P | libXext-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38499 | P | tcpdump on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50208 | P | openconnect on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52623 | P | Security update for the Linux Kernel (Critical) | 2020-12-01
oval:org.opensuse.security:def:53306 | P | Security update for mariadb-connector-c (Important) | 2020-12-01
oval:org.opensuse.security:def:37608 | P | libwireshark8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37986 | P | libwavpack1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:39093 | P | lhasa on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37685 | P | sysconfig on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38017 | P | pam-modules on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38383 | P | libtiff5-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52460 | P | Security update for clamav-database (Important) | 2020-12-01
oval:org.opensuse.security:def:39135 | P | openconnect on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10803 | P | libtool on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10933 | P | graphite2-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53791 | P | Security update for MozillaThunderbird (Important) | 2020-12-01
oval:org.opensuse.security:def:11006 | P | libical-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38543 | P | apache-commons-httpclient on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10883 | P | augeas-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52861 | P | Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:53591 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:37692 | P | tomcat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37696 | P | unzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38074 | P | syslog-service on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:39181 | P | libSoundTouch0-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37596 | P | libtiff5-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53903 | P | Security update for libreoffice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:39223 | P | openconnect on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10825 | P | net-snmp-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10952 | P | libHX-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53865 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:10891 | P | build on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11021 | P | liblouis-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38344 | P | libpcap1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52461 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53034 | P | Security update for icu (Important) | 2020-12-01
oval:org.opensuse.security:def:53699 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:37828 | P | java-1_8_0-ibm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38236 | P | krb5-appl-clients on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37780 | P | eog on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38164 | P | davfs2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50114 | P | nodejs8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:37684 | P | supportutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53984 | P | hplip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10871 | P | ImageMagick on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38411 | P | logrotate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50168 | P | openconnect on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:10913 | P | fontconfig-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:11040 | P | libotr-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:38471 | P | rpm-32bit on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.bionic:def:201370980000000 | V | CVE-2013-7098 on Ubuntu 18.04 LTS (bionic) - medium. | 2020-02-13
oval:com.ubuntu.xenial:def:201370980000000 | V | CVE-2013-7098 on Ubuntu 16.04 LTS (xenial) - medium. | 2020-02-13
    infradead openconnect *