Openvpn: >> Openvpn >> 2.3.11 Security Vulnerabilities
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
CVSS Score
7.4
EPSS Score
0.009
Published
2017-06-27
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVSS Score
5.9
EPSS Score
0.01
Published
2017-06-27
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVSS Score
6.5
EPSS Score
0.02
Published
2017-06-27
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-05-15
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVSS Score
5.9
EPSS Score
0.084
Published
2017-01-31
Page 2