FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
efb965be-a2c0-11eb-8956-1951a8617e30openvpn -- deferred authentication can be bypassed in specific circumstances

Gert Döring reports:

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.


Discovery 2021-03-02
Entry 2021-04-21
openvpn
< 2.5.2

openvpn-mbedtls
< 2.5.2

https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252
CVE-2020-15078
8604121c-7fc2-11ea-bcac-7781e90b0c8fopenvpn -- illegal client float can break VPN session for other users

Lev Stipakov and Gert Doering report:

There is a time frame between allocating peer-id and initializing data channel key (which is performed on receiving push request or on async push-reply) in which the existing peer-id float checks do not work right.

If a "rogue" data channel packet arrives during that time frame from another address and with same peer-id, this would cause client to float to that new address.

The net effect of this behaviour is that the VPN session for the "victim client" is broken. Since the "attacker client" does not have suitable keys, it can not inject or steal VPN traffic from the other session. The time window is small and it can not be used to attack a specific client's session, unless some other way is found to make it disconnect and reconnect first.


Discovery 2020-04-13
Entry 2020-04-16
openvpn
< 2.4.8_3

openvpn-mbedtls
< 2.4.8_3

openvpn-devel
< 202016

https://github.com/OpenVPN/openvpn/commit/f7b318f811bb43c0d3aa7f337ec6242ed2c33881
https://sourceforge.net/p/openvpn/openvpn/ci/f7b318f811bb43c0d3aa7f337ec6242ed2c33881/
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19720.html
https://community.openvpn.net/openvpn/ticket/1272
https://patchwork.openvpn.net/patch/1077/
CVE-2020-11810
9f65d382-56a4-11e7-83e3-080027ef73ecOpenVPN -- several vulnerabilities

Samuli Seppänen reports:

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities:

  • Remotely-triggerable ASSERT() on malformed IPv6 packet
  • Pre-authentication remote crash/information disclosure for clients
  • Potential double-free in --x509-alt-username
  • Remote-triggerable memory leaks
  • Post-authentication remote DoS when using the --x509-track option
  • Null-pointer dereference in establish_http_proxy_passthru()

Discovery 2017-05-19
Entry 2017-06-21
openvpn
< 2.3.17

ge 2.4.0 lt 2.4.3

openvpn-mbedtls
< 2.4.3

openvpn-polarssl
< 2.3.17

CVE-2017-7520
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
CVE-2017-7508
CVE-2017-7512
CVE-2017-7521
CVE-2017-7522
45a72180-a640-11ec-a08b-85298243e224openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins

David Sommerseth reports:

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.


Discovery 2022-03-10
Entry 2022-03-17
openvpn
< 2.5.6

openvpn-mbedtls
< 2.5.6

CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256
3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8OpenVPN -- out-of-bounds write in legacy key-method 1

Steffan Karger reports:

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. [...]

Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 and marked for removal in 2.5. This should limit the amount of users impacted by this issue.


Discovery 2017-09-21
Entry 2017-09-27
openvpn-polarssl
< 2.3.18

openvpn-mbedtls
ge 2.4.0 lt 2.4.4

openvpn
ge 2.4.0 lt 2.4.4

< 2.3.18

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html
CVE-2017-12166