cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Max CVSS
9.8
EPSS Score
0.71%
Published
2017-10-04
Updated
2022-05-12
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
Max CVSS
6.5
EPSS Score
0.29%
Published
2017-06-27
Updated
2017-07-07
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
Max CVSS
5.9
EPSS Score
1.20%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
Max CVSS
7.4
EPSS Score
0.50%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
Max CVSS
7.5
EPSS Score
1.70%
Published
2017-06-27
Updated
2019-10-03
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Max CVSS
6.5
EPSS Score
0.38%
Published
2017-05-15
Updated
2019-10-03
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Max CVSS
7.5
EPSS Score
23.58%
Published
2017-05-15
Updated
2017-08-16
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!