rpm package

opensuse/openvpn&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/openvpn&distro=openSUSE%20Tumbleweed

Vulnerabilities (18)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-2704		—	< 2.6.14-1.1	2.6.14-1.1	Apr 2, 2025	OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
CVE-2024-5594		—	< 2.6.10-5.1	2.6.10-5.1	Jan 6, 2025	OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVE-2024-28882		—	< 2.6.10-2.1	2.6.10-2.1	Jul 8, 2024	OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVE-2023-46850		—	< 2.6.7-1.1	2.6.7-1.1	Nov 11, 2023	Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVE-2023-46849		—	< 2.6.7-1.1	2.6.7-1.1	Nov 11, 2023	Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
CVE-2022-0547		—	< 2.5.6-1.1	2.5.6-1.1	Mar 18, 2022	OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
CVE-2020-15078		—	< 2.5.3-1.2	2.5.3-1.2	Apr 26, 2021	OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVE-2020-11810		—	< 2.5.3-1.2	2.5.3-1.2	Apr 27, 2020	An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's
CVE-2018-9336		—	< 2.5.3-1.2	2.5.3-1.2	May 1, 2018	openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have u
CVE-2018-7544		—	< 2.5.4-2.1	2.5.4-2.1	Mar 16, 2018	A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain
CVE-2017-12166	Cri	9.8	< 2.5.3-1.2	2.5.3-1.2	Oct 4, 2017	OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
CVE-2017-7522	Med	6.5	< 2.5.3-1.2	2.5.3-1.2	Jun 27, 2017	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVE-2017-7521	Med	5.9	< 2.5.3-1.2	2.5.3-1.2	Jun 27, 2017	OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVE-2014-8104		—	< 2.3.11-3.1	2.3.11-3.1	Dec 3, 2014	OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2006-4339		—	< 2.5.3-1.2	2.5.3-1.2	Sep 5, 2006	OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from cor
CVE-2006-1629		—	< 2.5.3-1.2	2.5.3-1.2	Apr 6, 2006	OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
CVE-2005-3409		—	< 2.5.3-1.2	2.5.3-1.2	Nov 2, 2005	OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
CVE-2005-3393		—	< 2.5.3-1.2	2.5.3-1.2	Nov 1, 2005	Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.

CVE-2025-2704Apr 2, 2025
affected < 2.6.14-1.1fixed 2.6.14-1.1
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
CVE-2024-5594Jan 6, 2025
affected < 2.6.10-5.1fixed 2.6.10-5.1
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVE-2024-28882Jul 8, 2024
affected < 2.6.10-2.1fixed 2.6.10-2.1
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVE-2023-46850Nov 11, 2023
affected < 2.6.7-1.1fixed 2.6.7-1.1
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVE-2023-46849Nov 11, 2023
affected < 2.6.7-1.1fixed 2.6.7-1.1
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
CVE-2022-0547Mar 18, 2022
affected < 2.5.6-1.1fixed 2.5.6-1.1
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
CVE-2020-15078Apr 26, 2021
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVE-2020-11810Apr 27, 2020
affected < 2.5.3-1.2fixed 2.5.3-1.2
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's
CVE-2018-9336May 1, 2018
affected < 2.5.3-1.2fixed 2.5.3-1.2
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have u
CVE-2018-7544Mar 16, 2018
affected < 2.5.4-2.1fixed 2.5.4-2.1
A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain
CVE-2017-12166CriOct 4, 2017
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
CVE-2017-7522MedJun 27, 2017
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVE-2017-7521MedJun 27, 2017
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVE-2014-8104Dec 3, 2014
affected < 2.3.11-3.1fixed 2.3.11-3.1
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVE-2006-4339Sep 5, 2006
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from cor
CVE-2006-1629Apr 6, 2006
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
CVE-2005-3409Nov 2, 2005
affected < 2.5.3-1.2fixed 2.5.3-1.2
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
CVE-2005-3393Nov 1, 2005
affected < 2.5.3-1.2fixed 2.5.3-1.2
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.