Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/openvpn@2.5.1-3
purl pkg:deb/debian/openvpn@2.5.1-3
Next non-vulnerable version 2.6.3-1+deb12u4
Latest non-vulnerable version 2.6.3-1+deb12u4
Risk 4.4
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-faqk-wzr3-77be
Aliases:
CVE-2022-0547
Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure.
2.6.3-1+deb12u4
Affected by 0 other vulnerabilities.
VCID-htt5-x61p-2qar
Aliases:
CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
2.6.3-1+deb12u4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-69y7-qv5p-gqar An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. CVE-2020-11810
VCID-j1d4-djxq-dqct A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process. CVE-2020-15078

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T23:10:54.339421+00:00 Debian Oval Importer Fixing VCID-69y7-qv5p-gqar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:39:51.868709+00:00 Debian Oval Importer Fixing VCID-j1d4-djxq-dqct https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:00:55.297435+00:00 Debian Oval Importer Affected by VCID-htt5-x61p-2qar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:12:29.101017+00:00 Debian Oval Importer Affected by VCID-faqk-wzr3-77be https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T22:46:50.959225+00:00 Debian Oval Importer Fixing VCID-69y7-qv5p-gqar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:20:57.209332+00:00 Debian Oval Importer Fixing VCID-j1d4-djxq-dqct https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:45:00.759663+00:00 Debian Oval Importer Affected by VCID-htt5-x61p-2qar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:59:54.366290+00:00 Debian Oval Importer Affected by VCID-faqk-wzr3-77be https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T22:21:35.503644+00:00 Debian Oval Importer Fixing VCID-69y7-qv5p-gqar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:01:40.099575+00:00 Debian Oval Importer Fixing VCID-j1d4-djxq-dqct https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:30:03.506779+00:00 Debian Oval Importer Affected by VCID-htt5-x61p-2qar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:52:58.244126+00:00 Debian Oval Importer Affected by VCID-faqk-wzr3-77be https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0