Openvpn

Openvpn

38 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2017-7521

  • EPSS 1.08%
  • Published 27.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

7.4

CVE-2017-7520

  • EPSS 0.88%
  • Published 27.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

7.5

CVE-2017-7508

  • EPSS 0.74%
  • Published 27.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

6.5

CVE-2017-7479

  • EPSS 0.81%
  • Published 15.05.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

7.5

CVE-2017-7478

  • EPSS 15.23%
  • Published 15.05.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

5.9

CVE-2016-6329

  • EPSS 5.51%
  • Published 31.01.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka ...

6.8

CVE-2014-8104

  • EPSS 1.47%
  • Published 03.12.2014 18:59:00
  • Last modified 12.04.2025 10:46:40

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.9

CVE-2014-5455

Exploit
  • EPSS 0.64%
  • Published 25.08.2014 16:55:04
  • Last modified 12.04.2025 10:46:40

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folde...

2.6

CVE-2013-2061

Exploit
  • EPSS 1.45%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and ...

7.6

CVE-2008-3459

  • EPSS 0.59%
  • Published 04.08.2008 19:41:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metac...