openvpn

Description An easy-to-use, robust and highly configurable VPN (Virtual Private Network)
Version 2.6.12-1 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2367 | 2.5.5-1 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3773 | AVG-2367 | Medium | Yes | Information disclosure | OpenVPN's use of Netfilter makes it susceptible to several attacks that can cause denial-of-service, deanonymization of clients, or redirection of a victim... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1861 | 2.5.1-1 | 2.5.2-1 | Medium | Fixed | |
| AVG-1135 | 2.4.8-4 | 2.4.9-1 | Medium | Fixed | |
| AVG-420 | 2.4.3-3 | 2.4.4-1 | Medium | Fixed | |
| AVG-319 | 2.4.2-1 | 2.4.3-1 | Medium | Not affected | |
| AVG-318 | 2.4.2-1 | 2.4.3-1 | Critical | Fixed | |
| AVG-271 | 2.4.1-2 | 2.4.2-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-15078 | AVG-1861 | Medium | Yes | Authentication bypass | OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred... |
| CVE-2020-11810 | AVG-1135 | Medium | Yes | Denial of service | A security issue has been found in OpenVPN before 2.4.9, where a 'peer-id' check is not performed correctly during a small amount of time after a connection... |
| CVE-2017-12166 | AVG-420 | Medium | Yes | Arbitrary code execution | The bounds check in the read_key() function in OpenVPN before 2.4.4 and 2.3.18 was performed after using the value, instead of before. If 'key-method 1' is... |
| CVE-2017-7522 | AVG-319 | Medium | Yes | Denial of service | A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an... |
| CVE-2017-7521 | AVG-318 | High | Yes | Arbitrary code execution | A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(),... |
| CVE-2017-7520 | AVG-318 | Critical | Yes | Information disclosure | A pre-authentication remote crash/information disclosure vulnerability has been discovered in OpenVPN < 2.4.3. If the client uses a HTTP proxy with NTLM... |
| CVE-2017-7512 | AVG-318 | High | Yes | Denial of service | A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code to make it... |
| CVE-2017-7508 | AVG-318 | High | Yes | Denial of service | A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue... |
| CVE-2017-7479 | AVG-271 | Medium | Yes | Denial of service | A security issue has been found in OpenVPN <= 2.4.1 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to... |
| CVE-2017-7478 | AVG-271 | High | Yes | Denial of service | A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 17 Apr 2020 | ASA-202004-16 | AVG-1135 | Medium | denial of service |
| 28 Sep 2017 | ASA-201709-21 | AVG-420 | Medium | arbitrary code execution |
| 22 Jun 2017 | ASA-201706-27 | AVG-318 | Critical | multiple issues |
| 13 May 2017 | ASA-201705-16 | AVG-271 | High | denial of service |