Openvpn

Openvpn

38 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2017-7521

  • EPSS 1.08%
  • Veröffentlicht 27.06.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

7.4

CVE-2017-7520

  • EPSS 0.88%
  • Veröffentlicht 27.06.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

7.5

CVE-2017-7508

  • EPSS 0.74%
  • Veröffentlicht 27.06.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

6.5

CVE-2017-7479

  • EPSS 0.81%
  • Veröffentlicht 15.05.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

7.5

CVE-2017-7478

  • EPSS 15.23%
  • Veröffentlicht 15.05.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

5.9

CVE-2016-6329

  • EPSS 5.51%
  • Veröffentlicht 31.01.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka ...

6.8

CVE-2014-8104

  • EPSS 1.47%
  • Veröffentlicht 03.12.2014 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.9

CVE-2014-5455

Exploit
  • EPSS 0.64%
  • Veröffentlicht 25.08.2014 16:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folde...

2.6

CVE-2013-2061

Exploit
  • EPSS 1.45%
  • Veröffentlicht 18.11.2013 02:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and ...

7.6

CVE-2008-3459

  • EPSS 0.59%
  • Veröffentlicht 04.08.2008 19:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metac...