OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Max CVSS
9.8
EPSS Score
0.71%
Published
2017-10-04
Updated
2022-05-12
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Max CVSS
6.5
EPSS Score
0.29%
Published
2017-06-27
Updated
2017-07-07
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Max CVSS
5.9
EPSS Score
1.20%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Max CVSS
7.4
EPSS Score
0.50%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
Max CVSS
7.5
EPSS Score
1.70%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Max CVSS
6.5
EPSS Score
0.38%
Published
2017-05-15
Updated
2019-10-03
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Max CVSS
7.5
EPSS Score
23.58%
Published
2017-05-15
Updated
2017-08-16
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
Max CVSS
5.9
EPSS Score
0.52%
Published
2017-01-31
Updated
2019-07-09
8 vulnerabilities found