FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2

Affected packages
2.6.1 <= openvpn < 2.6.14
openvpn-devel < g20250402,1

Details

VuXML ID 2cad4541-0f5b-11f0-89f8-411aefea0df9
Discovery 2025-03-26
Entry 2025-04-02

Gert Doering reports:

OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets.

To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key.

No crypto integrity is violated, no data is leaked, and no remote code execution is possible.

This bug does not affect OpenVPN clients.
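As an added check that is not part of this VuXML entry or of the OpenVPN project: the script below combines the affected version range listed under Affected packages with the two conditions in the report (the process is an OpenVPN server, and --tls-crypt-v2 is configured) to decide whether a given FreeBSD host is exposed. The package version strings and the two config files it parses are constructed samples, the helper names are this example's own, and it covers only the openvpn port (the openvpn-devel snapshot versioning is not handled).

```python
# Added example (not from the VuXML entry or OpenVPN): decide whether a host
# running openvpn from the FreeBSD ports tree sits in the affected range for
# CVE-2025-2704 and is actually exposed, i.e. runs as a server with
# --tls-crypt-v2. The version strings and config text used here are
# constructed samples, not captured from a real system.
import re

AFFECTED_MIN = (2, 6, 1)    # inclusive, from "2.6.1 <= openvpn"
AFFECTED_MAX = (2, 6, 14)   # exclusive, from "openvpn < 2.6.14"


def parse_pkg_version(pkgver):
    """Turn a FreeBSD package version such as '2.6.13_1' or 'openvpn-2.6.13'
    into a comparable tuple of ints. Port revision ('_N') and epoch (',N')
    are ignored: they do not change the upstream OpenVPN version."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)', pkgver)
    if not m:
        raise ValueError("no x.y.z version in %r" % pkgver)
    return tuple(int(x) for x in m.groups())


def version_affected(pkgver):
    """True when the installed upstream version lies in the advisory range."""
    return AFFECTED_MIN <= parse_pkg_version(pkgver) < AFFECTED_MAX


def config_directives(config_text):
    """Yield (directive, args) for each effective line of an OpenVPN config.
    Both '#' and ';' start comments. Inline key blocks such as
    <tls-crypt-v2> ... </tls-crypt-v2> are reported by their opening tag and
    their body is skipped, so key material is never mistaken for a directive."""
    in_block = None
    for line in config_text.splitlines():
        stripped = line.strip()
        if in_block:
            if stripped == '</%s>' % in_block:
                in_block = None
            continue
        stripped = stripped.split('#', 1)[0].split(';', 1)[0].strip()
        if not stripped:
            continue
        parts = stripped.split()
        if parts[0].startswith('<') and parts[0].endswith('>'):
            in_block = parts[0][1:-1]
            yield parts[0], []
            continue
        yield parts[0], parts[1:]


def is_server_config(config_text):
    """OpenVPN acts as a server when the config carries 'server',
    'server-ipv6' or 'mode server'. The advisory says clients are not affected."""
    for d, args in config_directives(config_text):
        if d in ('server', 'server-ipv6'):
            return True
        if d == 'mode' and args and args[0] == 'server':
            return True
    return False


def uses_tls_crypt_v2(config_text):
    """True for a file-based or inline tls-crypt-v2 key."""
    return any(d in ('tls-crypt-v2', '<tls-crypt-v2>')
               for d, _ in config_directives(config_text))


def exposed(pkgver, config_text):
    """All three advisory conditions must hold: affected version, server
    side, and --tls-crypt-v2 in use."""
    return (version_affected(pkgver)
            and is_server_config(config_text)
            and uses_tls_crypt_v2(config_text))


# Constructed sample configs (hypothetical paths and hostnames).
SERVER_CONF = """
# constructed sample server config
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
tls-crypt-v2 /usr/local/etc/openvpn/server-tc2.key
"""

CLIENT_CONF = """
client
remote vpn.example.net 1194   ; hypothetical endpoint
tls-crypt-v2 /usr/local/etc/openvpn/client-tc2.key
"""

if __name__ == '__main__':
    for ver in ('2.6.13_1', '2.6.14'):
        print(ver, 'server exposed:', exposed(ver, SERVER_CONF))
    print('client exposed:', exposed('2.6.13', CLIENT_CONF))
```

On a real host, feed the output of `pkg query '%v' openvpn` as the version and the server's config file as the text; a `mode server` config that keeps its key inline is matched by the `<tls-crypt-v2>` case.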

References

CVE Name CVE-2025-2704
URL https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614