Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openconnect | Infradead | * | 1.30 (including) |
| Openconnect | Infradead | 1.00 (including) | 1.00 (including) |
| Openconnect | Infradead | 1.10 (including) | 1.10 (including) |
| Openconnect | Infradead | 1.20 (including) | 1.20 (including) |
| Openconnect | Ubuntu | upstream | * |