openvpn

OpenVPN’s use of Netfilter makes it susceptible to several attacks that can cause denial-of-service, deanonymization of clients, or redirection of a victim...

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred...

A security issue has been found in OpenVPN before 2.4.9, where a 'peer-id' check is not performed correctly during a small amount of time after a connection...

The bounds check in the read_key() function in OpenVPN before 2.4.4 and 2.3.18 was performed after using the value, instead of before.  If 'key-method 1' is...

A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an...

A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(),...

A pre-authentication remote crash/information disclosure vulnerability has been discovered in OpenVPN < 2.4.3. If the client uses a HTTP proxy with NTLM...

A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code to make it...

A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue...

A security issue has been found in OpenVPN <= 2.4.1 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to...

A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL...