Home > Vulnerability Database > CVE-2018-20319

Mend.io Vulnerability Database

CVE-2018-20319

Good to know:

Date: July 21, 2020

Openconnect before 8.00 is vulnerable to passwords found in memory. Clear full buffer in buf_truncate() and buf_free(), This reduces the chances of passwords and other secrets lying around in memory when we're done. Arguably if anyone can just read memory of the VPN client while it's running, the game is already lost

Language: C

Severity Score

4.2

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-20319

Url: https://github.com/openconnect/openconnect/commit/8b49f8e93e58cc4f4bfa89afc891993524b09acf

Url: https://github.com/openconnect/openconnect/commit/db4e72d7376ba32797e47d3690da233ed850d837

Url: https://www.mend.io/vulnerability-database/CVE-2018-20319

Severity Score

4.2

Top Fix

Upgrade Version

Upgrade to version v8.00

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2018-20319

Good to know:

Date: July 21, 2020

Language: C

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?