Search CVE reports


1 – 10 of 47 results


CVE-2025-3908

Medium priority
Needs evaluation

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.

1 affected package

openvpn3-client

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn3-client Not in release Not in release Not in release

CVE-2024-4877

Medium priority
Not affected

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to, allowing it to escalate its privileges.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2025-2704

Medium priority
Fixed

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Fixed Not affected Not affected Not affected

CVE-2024-1305

Medium priority
Ignored

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code...

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-27903

Medium priority
Ignored

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-27459

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-24974

Medium priority
Ignored

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Not affected Not affected Not affected Not affected

CVE-2024-28820

Medium priority
Needs evaluation

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control...

1 affected package

openvpn-auth-ldap

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn-auth-ldap Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-5594

Medium priority
Fixed

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Fixed Fixed Fixed Fixed

CVE-2024-28882

Medium priority
Fixed

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

1 affected package

openvpn

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openvpn Fixed Not affected Not affected Not affected