CVE-2009-5009

EUVD-2009-4971
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS Score
Percentile: 53%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| infradead | openconnect | 𝑥 ≤ 1.30 |
| infradead | openconnect | 1.00 |
| infradead | openconnect | 1.10 |
| infradead | openconnect | 1.20 |

𝑥 = Vulnerable software versions
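Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| openconnect | bookworm | 9.01-3 | fixed |
| openconnect | bullseye | 8.10-2 | fixed |
| openconnect | sid | 9.12-3 | fixed |
| openconnect | trixie | 9.12-3 | fixed |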
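Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| openconnect | dapper | dne |
| openconnect | hardy | dne |
| openconnect | jaunty | dne |
| openconnect | karmic | not-affected |
| openconnect | lucid | not-affected |
| openconnect | maverick | not-affected |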
Common Weakness Enumeration