CVE-2025-2704

Опубликовано: 02 апр. 2025

Источник: debian

Описание

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
openvpn	fixed	2.6.14-1		package
openvpn	fixed	2.6.3-1+deb12u3	bookworm	package
openvpn	not-affected		bullseye	package

Примечания

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
Introduced after: https://github.com/OpenVPN/openvpn/commit/788ce35cf09aff09b79f428cdd6cfc0ff8627934 (v2.6_beta1)
Fixed by: https://github.com/OpenVPN/openvpn/commit/d3015bfd65348db629dab51e20a9d4e2f3b23493 (v2.6.14)

Связанные уязвимости

CVE-2025-2704

CVSS3: 7.5

ubuntu

3 месяца назад

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

CVE-2025-2704

CVSS3: 7.5

nvd

3 месяца назад

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

SUSE-SU-2025:1508-1

suse-cvrf

около 1 месяца назад

Security update for openvpn

SUSE-SU-2025:01508-1

suse-cvrf

12 дней назад

Security update for openvpn

GHSA-5gwv-2q72-gxrm

CVSS3: 7.5

github

3 месяца назад

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase