CVE-2005-2534 — Race Condition in Openvpn

4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.6%

top 30.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn

Timeline

PublishedAug 24

Latest updateMay 1

Description

Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openvpn< openvpn 2.0.2-1 (bookworm)

▶Debianopenvpn/openvpn< 2.0.2-1+3

▶NVDopenvpn/openvpn74 versions+73

Patches

Patch: www.mandriva.com ↗Patch: www.mandriva.com ↗

🔴Vulnerability Details

GHSA

GHSA-gj66-3prg-44gq: Race condition in OpenVPN before 2↗2022-05-01

▶

OSV

CVE-2005-2534: Race condition in OpenVPN before 2↗2005-08-24

▶

📋Vendor Advisories

Debian

CVE-2005-2534: openvpn - Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allo...↗2005

▶