CVE-2005-2533: Openvpn vulnerability

4 documents, 4 sources
Severity: 2.1 LOW (NVD)
EPSS: 0.3% (top 49.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 24
Latest update: May 1

Description

OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/openvpn < openvpn 2.0.2-1 (bookworm)
Debian: openvpn/openvpn < 2.0.2-1 (+3)
NVD: openvpn/openvpn, 74 versions (+73)


Vulnerability Details (2)

GHSA: GHSA-q7pv-xr8p-6j5f: OpenVPN before 2 (2022-05-01)
OSV: CVE-2005-2533: OpenVPN before 2 (2005-08-24)

Vendor Advisories (1)

Debian: CVE-2005-2533: openvpn - OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows r... (2005)
CVE-2005-2533 — Debian Openvpn vulnerability | cvebase