OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
Max CVSS
5.0
EPSS Score
9.33%
Published
2005-11-02
Updated
2020-05-12
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
Max CVSS
2.6
EPSS Score
2.15%
Published
2005-08-24
Updated
2008-09-05
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
Max CVSS
2.1
EPSS Score
0.27%
Published
2005-08-24
Updated
2008-09-05
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
Max CVSS
5.0
EPSS Score
2.15%
Published
2005-08-24
Updated
2008-09-05
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
Max CVSS
5.0
EPSS Score
3.36%
Published
2005-08-24
Updated
2008-09-05
5 vulnerabilities found