Description
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
Product(s):
- OpenVPN 2.0.1 RC1
- OpenVPN 2.0.1 RC2
- OpenVPN 2.0.1 RC3
- OpenVPN 2.0.1 RC4
- OpenVPN 2.0.1 RC5
- OpenVPN 2.0.1 RC6
- OpenVPN 2.0.1 RC7
- OpenVPN 2.0
- OpenVPN 2.0 Community Edition
- OpenVPN 2.0 Beta 10 Community Edition
- OpenVPN 2.0 Beta 11 Community Edition
- OpenVPN 2.0 Beta 12 Community Edition
- OpenVPN 2.0 Beta 13 Community Edition
- OpenVPN 2.0 Beta 14 Community Edition
- OpenVPN 2.0 Beta 15 Community Edition
- OpenVPN 2.0 Beta 16 Community Edition
- OpenVPN 2.0 Beta 17 Community Edition
- OpenVPN 2.0 Beta 18 Community Edition
- OpenVPN 2.0 Beta 19 Community Edition
- OpenVPN 2.0 Beta 1 Community Edition
- OpenVPN 2.0 Beta 20 Community Edition
- OpenVPN 2.0 Beta 2 Community Edition
- OpenVPN 2.0 Beta 3 Community Edition
- OpenVPN 2.0 Beta 4 Community Edition
- OpenVPN 2.0 Beta 5 Community Edition
- OpenVPN 2.0 Beta 6 Community Edition
- OpenVPN 2.0 Beta 7 Community Edition
- OpenVPN 2.0 Beta 8 Community Edition
- OpenVPN 2.0 Beta 9 Community Edition
- OpenVPN 2.0 Release Candidate 10 Community Edition
- OpenVPN 2.0 Release Candidate 11 Community Edition
- OpenVPN 2.0 Release Candidate 12 Community Edition
- OpenVPN 2.0 Release Candidate 13 Community Edition
- OpenVPN 2.0 Release Candidate 14 Community Edition
- OpenVPN 2.0 Release Candidate 15 Community Edition
- OpenVPN 2.0 Release Candidate 16 Community Edition
- OpenVPN 2.0 Release Candidate 17 Community Edition
- OpenVPN 2.0 Release Candidate 18 Community Edition
- OpenVPN 2.0 Release Candidate 19 Community Edition
- OpenVPN 2.0 Release Candidate 1 Community Edition
- OpenVPN 2.0 Release Candidate 20 Community Edition
- OpenVPN 2.0 Release Candidate 21 Community Edition
- OpenVPN 2.0 Release Candidate 2 Community Edition
- OpenVPN 2.0 Release Candidate 3 Community Edition
- OpenVPN 2.0 Release Candidate 4 Community Edition
- OpenVPN 2.0 Release Candidate 5 Community Edition
- OpenVPN 2.0 Release Candidate 6 Community Edition
- OpenVPN 2.0 Release Candidate 7 Community Edition
- OpenVPN 2.0 Release Candidate 8 Community Edition
- OpenVPN 2.0 Release Candidate 9 Community Edition
- OpenVPN 2.0 Test10 Community Edition
- OpenVPN 2.0 Test11 Community Edition
- OpenVPN 2.0 Test12 Community Edition
- OpenVPN 2.0 Test13 Community Edition
- OpenVPN 2.0 Test14 Community Edition
- OpenVPN 2.0 Test15 Community Edition
- OpenVPN 2.0 Test16 Community Edition
- OpenVPN 2.0 Test17 Community Edition
- OpenVPN 2.0 Test18 Community Edition
- OpenVPN 2.0 Test19 Community Edition
- OpenVPN 2.0 Test1 Community Edition
- OpenVPN 2.0 Test20 Community Edition
- OpenVPN 2.0 Test21 Community Edition
- OpenVPN 2.0 Test22 Community Edition
- OpenVPN 2.0 Test23 Community Edition
- OpenVPN 2.0 Test24 Community Edition
- OpenVPN 2.0 Test26 Community Edition
- OpenVPN 2.0 Test27 Community Edition
- OpenVPN 2.0 Test28 Community Edition
- OpenVPN 2.0 Test29 Community Edition
- OpenVPN 2.0 Test2 Community Edition
- OpenVPN 2.0 Test3 Community Edition
- OpenVPN 2.0 Test5 Community Edition
- OpenVPN 2.0 Test6 Community Edition
- OpenVPN 2.0 Test7 Community Edition
- OpenVPN 2.0 Test8 Community Edition
- OpenVPN 2.0 Test9 Community Edition
- OpenVPN 2.0 Beta 10
- OpenVPN 2.0 Beta 11
- OpenVPN 2.0 Beta 12
- OpenVPN 2.0 Beta 13
- OpenVPN 2.0 Beta 15
- OpenVPN 2.0 Beta 16
- OpenVPN 2.0 Beta 17
- OpenVPN 2.0 Beta 18
- OpenVPN 2.0 Beta 19
- OpenVPN 2.0 Beta 1
- OpenVPN 2.0 Beta 20
- OpenVPN 2.0 Beta 28
- OpenVPN 2.0 Beta 2
- OpenVPN 2.0 Beta 3
- OpenVPN 2.0 Beta 4
- OpenVPN 2.0 Beta 5
- OpenVPN 2.0 Beta 6
- OpenVPN 2.0 Beta 7
- OpenVPN 2.0 Beta 8
- OpenVPN 2.0 Beta 9
- OpenVPN 2.0 RC10
- OpenVPN 2.0 RC11
- OpenVPN 2.0 RC12
- +43 additional
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2532, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2532 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.