Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openvpn
(Openvpn)| Repositories | https://github.com/OpenVPN/openvpn |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-27 | CVE-2017-7522 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | Openvpn | 6.5 | ||
| 2017-05-15 | CVE-2017-7478 | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | Openvpn | 7.5 | ||
| 2008-08-04 | CVE-2008-3459 | Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | Openvpn | N/A | ||
| 2005-08-24 | CVE-2005-2534 | Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | Openvpn | N/A | ||
| 2005-08-24 | CVE-2005-2533 | OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | Openvpn | N/A | ||
| 2005-08-24 | CVE-2005-2532 | OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | Openvpn | N/A | ||
| 2005-08-24 | CVE-2005-2531 | OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | Openvpn | N/A |