rpm package
opensuse/openvpn-dco&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/openvpn-dco&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13086 | — | < 2.6.10-150600.3.20.1 | 2.6.10-150600.3.20.1 | Dec 3, 2025 | Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client | ||
| CVE-2025-2704 | — | < 2.6.8-150600.3.17.1 | 2.6.8-150600.3.17.1 | Apr 2, 2025 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | ||
| CVE-2024-5594 | — | < 2.6.8-150600.3.14.1 | 2.6.8-150600.3.14.1 | Jan 6, 2025 | OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. |
- CVE-2025-13086Dec 3, 2025affected < 2.6.10-150600.3.20.1fixed 2.6.10-150600.3.20.1
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
- CVE-2025-2704Apr 2, 2025affected < 2.6.8-150600.3.17.1fixed 2.6.8-150600.3.17.1
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
- CVE-2024-5594Jan 6, 2025affected < 2.6.8-150600.3.14.1fixed 2.6.8-150600.3.14.1
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.