Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities found for Access Server by OpenVPN
CVE-2025-50055 (GCVE-0-2025-50055)
Vulnerability from nvd – Published: 2025-10-27 13:39 – Updated: 2025-10-30 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenVPN | Access Server |
Affected:
2.14.0 , ≤ 2.14.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-50055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:23:34.406354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:23:58.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvpn:access_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.14.3",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:39:43.652Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-50055",
"datePublished": "2025-10-27T13:39:43.652Z",
"dateReserved": "2025-06-11T17:29:58.718Z",
"dateUpdated": "2025-10-30T18:23:58.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46850 (GCVE-0-2023-46850)
Vulnerability from nvd – Published: 2023-11-11 00:15 – Updated: 2025-12-16 18:23
VLAI?
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T14:59:47.646924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:24.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:20.991Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46850",
"datePublished": "2023-11-11T00:15:07.076Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-12-16T18:23:24.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46849 (GCVE-0-2023-46849)
Vulnerability from nvd – Published: 2023-11-11 00:05 – Updated: 2025-06-11 14:30
VLAI?
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:28:40.866061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:30:02.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:19.217Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46849",
"datePublished": "2023-11-11T00:05:13.487Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-06-11T14:30:02.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-50055 (GCVE-0-2025-50055)
Vulnerability from cvelistv5 – Published: 2025-10-27 13:39 – Updated: 2025-10-30 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenVPN | Access Server |
Affected:
2.14.0 , ≤ 2.14.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-50055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:23:34.406354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:23:58.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvpn:access_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.14.3",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:39:43.652Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-50055",
"datePublished": "2025-10-27T13:39:43.652Z",
"dateReserved": "2025-06-11T17:29:58.718Z",
"dateUpdated": "2025-10-30T18:23:58.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46850 (GCVE-0-2023-46850)
Vulnerability from cvelistv5 – Published: 2023-11-11 00:15 – Updated: 2025-12-16 18:23
VLAI?
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T14:59:47.646924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:24.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:20.991Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46850",
"datePublished": "2023-11-11T00:15:07.076Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-12-16T18:23:24.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46849 (GCVE-0-2023-46849)
Vulnerability from cvelistv5 – Published: 2023-11-11 00:05 – Updated: 2025-06-11 14:30
VLAI?
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:28:40.866061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:30:02.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:19.217Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46849",
"datePublished": "2023-11-11T00:05:13.487Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-06-11T14:30:02.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200605-0584
Vulnerability from variot - Updated: 2025-04-03 22:38OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. OpenVPN is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openvpn",
"scope": "eq",
"trust": 1.9,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta28"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc21"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta11"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test11"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc13"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test29"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test25"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test22"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test23"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test21"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc14"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test27"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test3"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test24"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta13"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test26"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test14"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.3_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc11"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.2_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.6_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.9,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "2.0.1 rc1",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc2",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc3",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc4",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc5",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "3.1.3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"model": "rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.3"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "test9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test29",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test27",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test26",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test25",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test24",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test23",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test22",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test21",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test14",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc21",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc14",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc13",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta28",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta13",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87623"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2006-2229",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2006-2916",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2229",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-2916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-102",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. OpenVPN is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2229"
},
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-2229",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "25660",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2006-2916",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102",
"trust": 0.6
},
{
"db": "BID",
"id": "87623",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"id": "VAR-200605-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
]
},
"last_update_date": "2025-04-03T22:38:09.669000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://openvpn.net/man.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/25660"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/432863/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/archive/1/433000/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/archive/1/432867/100/0/threaded"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"date": "2006-05-05T00:00:00",
"db": "BID",
"id": "87623"
},
{
"date": "2006-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"date": "2006-05-05T19:02:00",
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"date": "2006-05-05T00:00:00",
"db": "BID",
"id": "87623"
},
{
"date": "2020-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenVPN management interface TCP session information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
}
],
"trust": 0.6
}
}