Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-2061HistoryNov 18, 2013 - 2:55 a.m.
CVE-2013-2061
2013-11-1802:55:07
Debian Security Bug Tracker
security-tracker.debian.org
7
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.9%
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openvpn | < 2.3.1-1 | openvpn_2.3.1-1_all.deb |
| Debian | 11 | all | openvpn | < 2.3.1-1 | openvpn_2.3.1-1_all.deb |
| Debian | 999 | all | openvpn | < 2.3.1-1 | openvpn_2.3.1-1_all.deb |
| Debian | 13 | all | openvpn | < 2.3.1-1 | openvpn_2.3.1-1_all.deb |
Related
nessus
nessus
SuSE 11.3 Security Update : openvpn (SAT Patch Number 8493)
2013-11-29 00:00:00
OpenVPN < 2.3.1 Information Disclosure Vulnerability (Windows)
2019-05-17 00:00:00
Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)
2013-05-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2368-1)
2014-10-03 00:00:00
Fedora Update for openvpn FEDORA-2013-7531
2013-05-17 00:00:00
Fedora Update for openvpn FEDORA-2013-7552
2013-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2013-2061
2013-11-17 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:167 ] openvpn
2013-06-05 00:00:00
OpenVPN cryptography weakness
2013-06-05 00:00:00
nvd
nvd
CVE-2013-2061
2013-11-18 02:55:07
cve
cve
CVE-2013-2061
2013-11-18 02:55:07
kaspersky
kaspersky
KLA10281 OSI vulnerability in OpenVPN
2013-11-17 00:00:00
amazon
amazon
Low: openvpn
2013-06-11 22:47:00
fedora
fedora
[SECURITY] Fedora 17 Update: openvpn-2.3.1-2.fc17
2013-05-16 02:50:42
[SECURITY] Fedora 18 Update: openvpn-2.3.1-2.fc18
2013-05-16 03:04:28
freebsd
freebsd
OpenVPN -- potential side-channel/timing attack when comparing HMACs
2013-03-19 00:00:00
prion
prion
Code injection
2013-11-18 02:55:00
ubuntu
ubuntu
OpenVPN vulnerability
2014-10-02 00:00:00
cvelist
cvelist
CVE-2013-2061
2013-11-15 18:16:00
gentoo
gentoo
OpenVPN: Multiple vulnerabilities
2013-11-20 00:00:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.9%
Related for DEBIANCVE:CVE-2013-2061