CVE-2005-2532Openvpn vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 19.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OpenvpnDebian Openvpn
Timeline
PublishedAug 24
Latest updateMay 1

Description

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/openvpn< openvpn 2.0.2-1 (bookworm)
Debianopenvpn/openvpn< 2.0.2-1+3
NVDopenvpn/openvpn74 versions+73

Patches

Patch: www.mandriva.comPatch: www.mandriva.com

🔴Vulnerability Details

2
GHSA
GHSA-86x4-whvc-8cfg: OpenVPN before 22022-05-01
OSV
CVE-2005-2532: OpenVPN before 22005-08-24

📋Vendor Advisories

1
Debian
CVE-2005-2532: openvpn - OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a pack...2005
CVE-2005-2532 — Debian Openvpn vulnerability | cvebase