Vulnerabilities > Openvpn > Openvpn
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-04 | CVE-2017-12166 | Out-of-bounds Write vulnerability in multiple products OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | 6.8 |
| 2017-06-27 | CVE-2017-7522 | NULL Pointer Dereference vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | 4.0 |
| 2017-06-27 | CVE-2017-7521 | Missing Release of Resource after Effective Lifetime vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | 4.3 |
| 2017-06-27 | CVE-2017-7520 | Out-of-bounds Read vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | 4.0 |
| 2017-06-27 | CVE-2017-7508 | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | 5.0 |
| 2017-05-15 | CVE-2017-7479 | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | 4.0 |
| 2017-05-15 | CVE-2017-7478 | Improper Input Validation vulnerability in Openvpn OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. | 5.0 |
| 2017-01-31 | CVE-2016-6329 | Information Exposure vulnerability in Openvpn OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 4.3 |
| 2014-12-03 | CVE-2014-8104 | Resource Management Errors vulnerability in multiple products OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | 6.8 |
| 2014-08-25 | CVE-2014-5455 | Unquoted Search Path OR Element vulnerability in multiple products Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | 6.9 |