FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

openvpn


Entered Topic
2024-06-20 openvpn -- two security fixes
2023-11-15 openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
2022-03-17 openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins
2021-04-21 openvpn -- deferred authentication can be bypassed in specific circumstances
2020-04-16 openvpn -- illegal client float can break VPN session for other users
2017-09-27 OpenVPN -- out-of-bounds write in legacy key-method 1
2017-06-21 OpenVPN -- several vulnerabilities
2017-05-11 OpenVPN -- two remote denial-of-service vulnerabilities
2016-05-14 OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing
2014-12-02 OpenVPN -- denial of service security vulnerability
2013-03-31 OpenVPN -- potential side-channel/timing attack when comparing HMACs
2006-04-05 openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
2005-11-01 openvpn -- arbitrary code execution on client through malicious or compromised server
openvpn -- potential denial-of-service on servers in TCP mode
2005-08-19 openvpn -- denial of service: client certificate validation can disconnect unrelated clients
openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server