CVE-2021-3773: A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
fedoraproject	fedora	—	—
linux	linux_kernel	< 5.14	5.14
linux	linux_kernel	—	—
linux	linux_kernel	>= 5.15 < 5.15.15	5.15.15
msrc	cm1_kernel_5.10.189.1-1_on_cbl_mariner_1.0	—	—
oracle	communications_cloud_native_core_binding_support_function	—	—
oracle	communications_cloud_native_core_network_exposure_function	—	—
oracle	communications_cloud_native_core_policy	—	—
paloalto	pan-os	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL