| purl | pkg:deb/debian/openvpn@2.6.14-1%2Bdeb13u1?distro=trixie |
|---|---|

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ua8-gb48-27bp | OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | CVE-2005-2533 |
| VCID-28zy-wt9q-5udk | The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. | CVE-2024-24974 |
| VCID-3d2h-6g1w-vyb5 | openvpn: client command execution through remotely received configuration directives | CVE-2008-3459 |
| VCID-5sv2-yh8n-cubr | OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | CVE-2005-2532 |
| VCID-5ufa-f13v-8uea | Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic. | CVE-2013-2061 |
| VCID-5wv8-4q5c-4fev | OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | CVE-2021-3606 |
| VCID-69y7-qv5p-gqar | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. | CVE-2020-11810 |
| VCID-6h6c-h3va-dbfk | OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use | CVE-2025-10680 |
| VCID-7k7e-z4tf-6uc4 | Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. | CVE-2023-46850 |
| VCID-7z4a-jb81-k3ct | OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | CVE-2006-1629 |
| VCID-9pep-1c3x-vyen | OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | CVE-2005-2531 |
| VCID-9ymq-r7r1-4uh9 | openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. | CVE-2018-9336 |
| VCID-ayrd-g1eb-h3dt | OpenVPN: Local denial of service vulnerability in interactive service agent | CVE-2025-13751 |
| VCID-crrt-th9e-z3ay | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | CVE-2017-7479 |
| VCID-dqae-zqkh-mqdf | The OpenVPN client is potentially vulnerable to the execution of arbitrary code and the OpenVPN server is vulnerable to a Denial of Service issue. | CVE-2005-3393 |
| VCID-faqk-wzr3-77be | Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. | CVE-2022-0547 |
| VCID-hdnv-2fe2-wqax | Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | CVE-2005-2534 |
| VCID-hr11-3ew1-4fgk | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | CVE-2025-2704 |
| VCID-htt5-x61p-2qar | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. | CVE-2024-5594 |
| VCID-j1d4-djxq-dqct | A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process. | CVE-2020-15078 |
| VCID-junc-6y8j-cbe2 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | CVE-2024-28882 |
| VCID-n8nh-wf64-8fgr | security update | CVE-2017-7508 |
| VCID-pspa-n4yc-j7hr | The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. | CVE-2024-27459 |
| VCID-qw3z-yr6x-2uhd | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | CVE-2024-27903 |
| VCID-qwa7-cv2s-53hp | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses | CVE-2025-12106 |
| VCID-rkee-udq8-afg2 | openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 | CVE-2017-7522 |
| VCID-rprb-r52n-7ygu | OpenVPN: Improper validation of source IP addresses leads to denial of service | CVE-2025-13086 |
| VCID-ruzb-y7qd-nfgc | OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | CVE-2017-12166 |
| VCID-ttj5-upnp-3qfd | Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. | CVE-2023-46849 |
| VCID-vucu-2pfy-93ds | security update | CVE-2017-7521 |
| VCID-vxf8-ysa7-3qcu | The OpenVPN client is potentially vulnerable to the execution of arbitrary code and the OpenVPN server is vulnerable to a Denial of Service issue. | CVE-2005-3409 |
| VCID-w1eu-fbhk-pucv | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges | CVE-2024-4877 |
| VCID-wk2j-j9y1-5yhp | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | CVE-2017-7478 |
| VCID-xwnt-nju3-yybg | Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service | CVE-2025-15497 |
| VCID-ydbr-c3uf-zbfb | A vulnerability in OpenVPN could lead to Denial of Service. | CVE-2014-8104 |
| VCID-zuyu-zw1g-uqg7 | security update | CVE-2017-7520 |