Описание
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.3.1-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2.3.1-2ubuntu1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | released | 2.2.1-8ubuntu1.3 |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 2.3.1-2ubuntu1 |
| trusty | not-affected | 2.3.1-2ubuntu1 |
Показывать по
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации
EPSS
2.6 Low
CVSS2