CVE-2005-3409 — Openvpn vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

2.5%

top 14.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn Openvpn Access Server

Timeline

PublishedNov 2

Latest updateMay 1

Description

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/openvpn< openvpn 2.0.5-1 (bookworm)

▶Debianopenvpn/openvpn< 2.0.5-1+3

▶NVDopenvpn/openvpn76 versions+75

▶NVDopenvpn/openvpn_access_server2.0.1, 2.0.2+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-5cc7-3r85-874q: OpenVPN 2↗2022-05-01

▶

OSV

CVE-2005-3409: OpenVPN 2↗2005-11-02

▶

📋Vendor Advisories

Debian

CVE-2005-3409: openvpn - OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to c...↗2005

▶