Openvpn: Security Vulnerabilities
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-20
The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-05-19
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-03
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
CVSS Score
7.5
EPSS Score
0.002
Published
2025-04-02
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3
CVSS Score
5.3
EPSS Score
0.0
Published
2025-01-20
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-01-15
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-06
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVSS Score
9.1
EPSS Score
0.003
Published
2025-01-06
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVSS Score
4.3
EPSS Score
0.003
Published
2024-07-08
tap-windows6 driver version 9.26 and earlier does not properly
check the size data of incomming write operations which an attacker can
use to overflow memory buffers, resulting in a bug check and potentially
arbitrary code execution in kernel space
CVSS Score
9.8
EPSS Score
0.083
Published
2024-07-08
Page 1