OpenVPN versions 2.3.12 and newer are vulnerable to an unauthenticated denial of service of the server via a received large control packet. This issue is fixed in 2.3.15 and 2.4.2.

Vulnerable Product |
---|
openvpn openvpn 2.3.12 |
openvpn openvpn 2.3.14 |
openvpn openvpn 2.4.0 |
openvpn openvpn 2.3.13 |
openvpn openvpn 2.4.1 |

Two code reviews give crypto client nearly clean bill of health
The venerable OpenVPN client has been given a mostly clean bill of health. Between December and February, a team led by Johns Hopkins University crypto-boffin Dr Matthew Green has been auditing OpenVPN 2.4's code. The review, paid for by Private Internet Access (which uses the software), has been published. While all software has bugs, the most important part of the verdict is that the review found “no major vulnerabilities”. Apparently, the project offers a bit of a tutorial for how to deve...