Openvpn: >> Openvpn >> 2.3.12 Security Vulnerabilities
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
CVSS Score
7.4
EPSS Score
0.009
Published
2017-06-27
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVSS Score
5.9
EPSS Score
0.01
Published
2017-06-27
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVSS Score
6.5
EPSS Score
0.02
Published
2017-06-27
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
CVSS Score
7.5
EPSS Score
0.152
Published
2017-05-15
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-05-15
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVSS Score
5.9
EPSS Score
0.084
Published
2017-01-31
Page 2