CVE-2020-7043

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

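package       channel      channel version                   pkg version  status
openfortivpn  nixos-20.03  2020-03-28 16:50:34 UTC (b0c285)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-28 01:25:31 UTC (85055b)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-26 22:10:38 UTC (3a009b)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-26 18:30:23 UTC (c6839e)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-21 08:05:45 UTC (b2935f)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-20 01:00:30 UTC (16dd1d)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-16 12:45:35 UTC (99a3d7)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-13 21:10:27 UTC (730453)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-10 15:20:40 UTC (dbacfa)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-10 04:00:23 UTC (da92e0)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-09 07:45:46 UTC (62b2bf)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-08 17:55:47 UTC (fb34ac)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-08 01:55:51 UTC (cbe553)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-07 19:50:24 UTC (b780ae)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-07 05:50:37 UTC (470731)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-06 07:05:18 UTC (1f99fd)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-05 13:35:28 UTC (08bcfe)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-02 16:00:33 UTC (61cc1f)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-03-02 00:30:27 UTC (ebc962)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-29 15:10:31 UTC (4f8bc8)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-28 22:00:25 UTC (89536c)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-28 09:40:24 UTC (a2bb25)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-27 23:50:30 UTC (f82333)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-27 05:40:34 UTC (be346a)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-27 04:10:22 UTC (8d49eb)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-24 16:25:25 UTC (68df00)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-23 18:10:20 UTC (04aca9)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-23 13:45:26 UTC (153baa)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-22 17:35:41 UTC (d31e38)  1.11.0       vulnerable
openfortivpn  nixos-20.03  2020-02-20 11:25:36 UTC (71be72)  1.11.0       vulnerable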