Lucene search

Veracode Vulnerability DatabaseVERACODE:26992

HistorySep 21, 2020 - 6:29 a.m.

Denial Of Service (DoS)

2020-09-2106:29:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

OpenVPN is vulnerable to denial of service (DoS). It has a reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

CPENameOperatorVersion
openvpn:trustyeq2.3.2-7ubuntu3
openvpn:xenialeq2.3.10-1ubuntu2
openvpn:trustyeq2.3.2-7ubuntu3
openvpn:xenialeq2.3.10-1ubuntu2

Name	Operator	Version
openvpn:trusty	eq	2.3.2-7ubuntu3
openvpn:xenial	eq	2.3.10-1ubuntu2
openvpn:trusty	eq	2.3.2-7ubuntu3
openvpn:xenial	eq	2.3.10-1ubuntu2

References

www.debian.org/security/2017/dsa-3900

www.securityfocus.com/bid/98443

www.securitytracker.com/id/1038473

community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Related for VERACODE:26992