OpenVPN
CVEs (26)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7478 | High | 0.52 | 7.5 | 0.05 | | May 15, 2017 | OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. |
| CVE-2017-7508 | High | 0.49 | 7.5 | 0.00 | | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. |
| CVE-2017-7520 | High | 0.48 | 7.4 | 0.00 | | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. |
| CVE-2017-7522 | Med | 0.42 | 6.5 | 0.01 | | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. |
| CVE-2017-7479 | Med | 0.42 | 6.5 | 0.00 | | May 15, 2017 | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. |
| CVE-2017-7521 | Med | 0.38 | 5.9 | 0.01 | | Jun 27, 2017 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). |
| CVE-2014-5455 | | 0.03 | — | 0.00 | | Aug 25, 2014 | Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. |
| CVE-2025-13086 | | 0.00 | — | 0.00 | | Dec 3, 2025 | Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client |
| CVE-2025-13751 | | 0.00 | — | 0.00 | | Dec 3, 2025 | Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. |
| CVE-2025-12106 | | 0.00 | — | 0.00 | | Dec 1, 2025 | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses |
| CVE-2024-4877 | | 0.00 | — | 0.00 | | Apr 3, 2025 | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges |
| CVE-2025-2704 | | 0.00 | — | 0.01 | | Apr 2, 2025 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase |
| CVE-2024-5594 | | 0.00 | — | 0.00 | | Jan 6, 2025 | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. |
| CVE-2024-28882 | | 0.00 | — | 0.00 | | Jul 8, 2024 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session |
| CVE-2023-7235 | | 0.00 | — | 0.00 | | Feb 21, 2024 | The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables. |
| CVE-2014-8104 | | 0.00 | — | 0.02 | | Dec 3, 2014 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. |
| CVE-2013-2061 | | 0.00 | — | 0.01 | | Nov 18, 2013 | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. |
| CVE-2008-3459 | | 0.00 | — | 0.01 | | Aug 4, 2008 | Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. |
| CVE-2006-2229 | | 0.00 | — | 0.01 | | May 5, 2006 | OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. |
| CVE-2006-1629 | | 0.00 | — | 0.04 | | Apr 6, 2006 | OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. |