OpenVPN — свободная реализация технологии виртуальной частной сети (VPN) с открытым исходным кодом для создания зашифрованных каналoв типа точка-точка или сервер-клиенты между компьютерами.
Релизный цикл, информация об уязвимостях
График релизов
Количество 186
CVE-2005-2533
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...
CVE-2005-2534
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...
CVE-2005-2533
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
CVE-2005-2531
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
CVE-2005-2534
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
CVE-2005-2532
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2005-2533 OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ... | CVSS2: 2.1 | 0% Низкий | почти 20 лет назад |
| CVE-2005-2534 Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ... | CVSS2: 2.6 | 1% Низкий | почти 20 лет назад |
 | CVE-2005-2533 OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses. | CVSS2: 2.1 | 0% Низкий | почти 20 лет назад |
| CVE-2005-2531 OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. | CVSS2: 5 | 1% Низкий | почти 20 лет назад |
| CVE-2005-2534 Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate. | CVSS2: 2.6 | 1% Низкий | почти 20 лет назад |
| CVE-2005-2532 OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | CVSS2: 5 | 1% Низкий | почти 20 лет назад |
Уязвимостей на страницу