CVE-2020-11810: Race Condition in OpenVPN

CWE-362 Race Condition | 6 documents | 5 sources
Severity: 3.7 LOW (NVD)
EPSS: 2.4% | top 15.06%
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 27
Latest update: May 24

Description

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. T

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.2 | Impact: 1.4

Affected Packages (4 packages)

debian | debian/openvpn | < openvpn 2.4.9-1 (bookworm)
NVD | openvpn/openvpn | 2.4.0 | 2.4.9
Debian | openvpn/openvpn | < 2.4.9-1 | +3
Ubuntu | openvpn/openvpn | < 2.4.4-2ubuntu1.5 | +1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 32

🔴 Vulnerability Details (3)

GHSA | GHSA-6crj-vqv7-qq9r: An issue was discovered in OpenVPN 2 | 2022-05-24
OSV | openvpn vulnerabilities | 2021-05-04
OSV | CVE-2020-11810: An issue was discovered in OpenVPN 2 | 2020-04-27

📋 Vendor Advisories (2)

Ubuntu | OpenVPN vulnerabilities | 2021-05-04
Debian | CVE-2020-11810: openvpn - An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a ... | 2020
CVE-2020-11810 — Race Condition in Openvpn | cvebase