Vulnerabilities > Openvpn

DATE CVE VULNERABILITY TITLE RISK
2017-06-27 CVE-2017-7521 Missing Release of Resource after Effective Lifetime vulnerability in Openvpn
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
network
high complexity
openvpn CWE-772
5.9
2017-06-27 CVE-2017-7520 Out-of-bounds Read vulnerability in Openvpn
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
network
high complexity
openvpn CWE-125
7.4
2017-06-27 CVE-2017-7508 Reachable Assertion vulnerability in Openvpn
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
network
low complexity
openvpn CWE-617
7.5
2017-05-26 CVE-2017-5868 CRLF Injection vulnerability in Openvpn Access Server 2.1.4
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
network
low complexity
openvpn CWE-93
6.1
2017-05-15 CVE-2017-7479 Reachable Assertion vulnerability in Openvpn
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
network
low complexity
openvpn CWE-617
6.5
2017-05-15 CVE-2017-7478 Improper Input Validation vulnerability in Openvpn
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet.
network
low complexity
openvpn CWE-20
7.5
2017-01-31 CVE-2016-6329 Information Exposure vulnerability in Openvpn
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
network
high complexity
openvpn CWE-200
5.9