Search for packages
| purl | pkg:deb/debian/openvpn@2.4.0-6%2Bdeb9u1~bpo8%2B1 |
| Next non-vulnerable version | 2.6.3-1+deb12u4 |
| Latest non-vulnerable version | 2.6.3-1+deb12u4 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-69y7-qv5p-gqar
Aliases: CVE-2020-11810 |
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. |
Affected by 2 other vulnerabilities. |
|
VCID-faqk-wzr3-77be
Aliases: CVE-2022-0547 |
Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. |
Affected by 0 other vulnerabilities. |
|
VCID-htt5-x61p-2qar
Aliases: CVE-2024-5594 |
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. |
Affected by 0 other vulnerabilities. |
|
VCID-j1d4-djxq-dqct
Aliases: CVE-2020-15078 |
A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process. |
Affected by 2 other vulnerabilities. |
|
VCID-n8nh-wf64-8fgr
Aliases: CVE-2017-7508 |
security update |
Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-rkee-udq8-afg2
Aliases: CVE-2017-7522 |
openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 |
Affected by 4 other vulnerabilities. |
|
VCID-ruzb-y7qd-nfgc
Aliases: CVE-2017-12166 |
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. |
Affected by 4 other vulnerabilities. |
|
VCID-vucu-2pfy-93ds
Aliases: CVE-2017-7521 |
security update |
Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-zuyu-zw1g-uqg7
Aliases: CVE-2017-7520 |
security update |
Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-crrt-th9e-z3ay | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. |
CVE-2017-7479
|
| VCID-wk2j-j9y1-5yhp | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. |
CVE-2017-7478
|