Search for packages
| purl | pkg:deb/debian/openvpn@2.3.2-7~bpo70%2B2 |
| Next non-vulnerable version | 2.6.3-1+deb12u4 |
| Latest non-vulnerable version | 2.6.3-1+deb12u4 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-69y7-qv5p-gqar
Aliases: CVE-2020-11810 |
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. |
Affected by 2 other vulnerabilities. |
|
VCID-crrt-th9e-z3ay
Aliases: CVE-2017-7479 |
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. |
Affected by 9 other vulnerabilities. |
|
VCID-faqk-wzr3-77be
Aliases: CVE-2022-0547 |
Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. |
Affected by 0 other vulnerabilities. |
|
VCID-htt5-x61p-2qar
Aliases: CVE-2024-5594 |
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. |
Affected by 0 other vulnerabilities. |
|
VCID-j1d4-djxq-dqct
Aliases: CVE-2020-15078 |
A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process. |
Affected by 2 other vulnerabilities. |
|
VCID-n8nh-wf64-8fgr
Aliases: CVE-2017-7508 |
security update |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rkee-udq8-afg2
Aliases: CVE-2017-7522 |
openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 |
Affected by 4 other vulnerabilities. |
|
VCID-ruzb-y7qd-nfgc
Aliases: CVE-2017-12166 |
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. |
Affected by 4 other vulnerabilities. |
|
VCID-vucu-2pfy-93ds
Aliases: CVE-2017-7521 |
security update |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-wk2j-j9y1-5yhp
Aliases: CVE-2017-7478 |
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. |
Affected by 9 other vulnerabilities. |
|
VCID-ydbr-c3uf-zbfb
Aliases: CVE-2014-8104 |
A vulnerability in OpenVPN could lead to Denial of Service. |
Affected by 11 other vulnerabilities. |
|
VCID-zuyu-zw1g-uqg7
Aliases: CVE-2017-7520 |
security update |
Affected by 11 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5ufa-f13v-8uea | Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic. |
CVE-2013-2061
|