Openvpn

Openvpn

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.47%
  • Veröffentlicht 06.07.2026 14:32:29
  • Zuletzt bearbeitet 09.07.2026 13:06:19

OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled

  • EPSS 0.52%
  • Veröffentlicht 06.07.2026 14:13:49
  • Zuletzt bearbeitet 09.07.2026 13:05:30

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

  • EPSS 0.31%
  • Veröffentlicht 08.06.2026 19:59:20
  • Zuletzt bearbeitet 09.06.2026 02:08:28

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

  • EPSS 0.32%
  • Veröffentlicht 08.06.2026 19:29:56
  • Zuletzt bearbeitet 09.06.2026 02:08:28

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted pac...

  • EPSS 0.32%
  • Veröffentlicht 30.01.2026 18:06:07
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

  • EPSS 0.62%
  • Veröffentlicht 03.12.2025 19:54:10
  • Zuletzt bearbeitet 30.01.2026 18:38:13

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service ...

  • EPSS 0.16%
  • Veröffentlicht 03.12.2025 16:22:35
  • Zuletzt bearbeitet 30.01.2026 18:43:57

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

  • EPSS 0.54%
  • Veröffentlicht 01.12.2025 12:43:02
  • Zuletzt bearbeitet 30.12.2025 14:52:06

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

  • EPSS 6.93%
  • Veröffentlicht 24.10.2025 10:15:34
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

  • EPSS 0.42%
  • Veröffentlicht 03.04.2025 16:15:32
  • Zuletzt bearbeitet 29.04.2025 19:45:07

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges