CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
infradeadopenconnect
𝑥
≤ 1.30
infradeadopenconnect
1.00
infradeadopenconnect
1.10
infradeadopenconnect
1.20
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openconnect
bullseye
8.10-2
fixed
bookworm
9.01-3
fixed
sid
9.12-3
fixed
trixie
9.12-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openconnect
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://www.infradead.org/openconnect.html
http://www.infradead.org/openconnect.html