Openvpn

Openvpn

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.82%
  • Veröffentlicht 02.04.2025 21:15:32
  • Zuletzt bearbeitet 23.10.2025 11:15:31

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

  • EPSS 0.82%
  • Veröffentlicht 06.01.2025 14:15:08
  • Zuletzt bearbeitet 03.11.2025 21:18:47

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

  • EPSS 0.67%
  • Veröffentlicht 08.07.2024 22:15:02
  • Zuletzt bearbeitet 10.06.2025 16:26:09

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

  • EPSS 8.92%
  • Veröffentlicht 08.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:05:23

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

  • EPSS 8.26%
  • Veröffentlicht 08.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:04:39

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

  • EPSS 9.76%
  • Veröffentlicht 08.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:00:04

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

  • EPSS 0.21%
  • Veröffentlicht 21.02.2024 11:15:07
  • Zuletzt bearbeitet 06.05.2025 18:02:59

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbit...

  • EPSS 1.98%
  • Veröffentlicht 11.11.2023 01:15:07
  • Zuletzt bearbeitet 23.06.2026 22:16:30

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

  • EPSS 1.14%
  • Veröffentlicht 11.11.2023 01:15:07
  • Zuletzt bearbeitet 11.06.2025 15:15:26

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

  • EPSS 0.69%
  • Veröffentlicht 22.08.2023 19:16:08
  • Zuletzt bearbeitet 21.11.2024 05:12:17

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.