OpenVPN — свободная реализация технологии виртуальной частной сети (VPN) с открытым исходным кодом для создания зашифрованных каналoв типа точка-точка или сервер-клиенты между компьютерами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 189
SUSE-SU-2017:1642-1
Security update for openvpn
CVE-2017-7508
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
BDU:2018-00021
Уязвимость пакета OpenVPN, существующая из-за неправильной обработки клиентских подключений к HTTP-прокси, позволяющая нарушителю выполнить произвольный код
CVE-2017-7479
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
CVE-2017-7479
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...
CVE-2017-7478
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
CVE-2017-7478
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2017:1642-1 Security update for openvpn | 0% Низкий | больше 8 лет назад | |
 | CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-7522 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-7521 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | CVSS3: 7.5 | 1% Низкий | больше 8 лет назад |
 | BDU:2018-00021 Уязвимость пакета OpenVPN, существующая из-за неправильной обработки клиентских подключений к HTTP-прокси, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.4 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-7479 OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | CVSS3: 6.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-7479 OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ... | CVSS3: 6.5 | 1% Низкий | больше 8 лет назад |
| CVE-2017-7478 OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | CVSS3: 7.5 | 7% Низкий | больше 8 лет назад |
| CVE-2017-7478 OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ... | CVSS3: 7.5 | 7% Низкий | больше 8 лет назад |
Уязвимостей на страницу