cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*
part: a version: * update: *
| Vendor | Openvpn (69250643-f594-58ab-9395-086994cbe5f3) |
|---|---|
| Product | Openvpn (cff78dd9-2909-5405-93d7-f62ace8a52df) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:deb/debian/openvpn | purl2cpe | 2026-06-01 10:12:11.080395 |
| pkg:deb/ubuntu/openvpn | purl2cpe | 2026-06-01 10:12:11.080396 |
| pkg:github/openvpn/openvpn | purl2cpe | 2026-06-01 10:12:11.080398 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-2704 | vulnerable | 2026-06-03 15:00:26.312411 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase. Published: 2025-04-02T21:00:58.582Z. Updated: 2025-10-23T10:53:34.373Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-13751 | vulnerable | 2026-06-03 14:58:53.572680 | Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service. Published: 2025-12-03T16:22:35.771Z. Updated: 2025-12-12T13:56:20.684Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-13086 | vulnerable | 2026-06-03 14:58:45.499411 | Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection, resulting in a denial of service for the originating client. Published: 2025-12-03T19:54:10.737Z. Updated: 2025-12-12T13:50:46.678Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5594 | vulnerable | 2026-06-03 14:57:53.358673 | OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. Published: 2025-01-06T13:52:20.272Z. Updated: 2025-11-03T20:48:53.705Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-4877 | vulnerable | 2026-06-03 14:57:16.359370 | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to, allowing it to escalate its privileges. Published: 2025-04-03T15:11:51.057Z. Updated: 2025-04-04T13:25:17.430Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28882 | vulnerable | 2026-06-03 14:55:26.103030 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session. Published: 2024-07-08T21:30:24.798Z. Updated: 2024-11-01T20:38:32.966Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-27903 | vulnerable | 2026-06-03 14:55:24.157466 | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. Published: 2024-07-08T10:27:40.125Z. Updated: 2024-08-23T03:55:35.767Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-27459 | vulnerable | 2026-06-03 14:55:17.759483 | The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. Published: 2024-07-08T10:14:06.208Z. Updated: 2024-08-23T15:05:42.997Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-24974 | vulnerable | 2026-06-03 14:55:06.186197 | The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. Published: 2024-07-08T10:20:34.520Z. Updated: 2024-08-10T03:55:21.896Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-46850 | vulnerable | 2026-06-03 14:53:16.650854 | Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer. Published: 2023-11-11T00:15:07.076Z. Updated: 2025-12-16T18:23:24.266Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-46849 | vulnerable | 2026-06-03 14:53:16.647288 | Using the --fragment option in certain configuration setups, OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. Published: 2023-11-11T00:05:13.487Z. Updated: 2025-06-11T14:30:02.796Z | Imported from gcve-enriched-dumps CVE data |