Denial of Service Vulnerability in OpenVPN TCP Mode
CVE-2005-3409

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn; Openvpn Access Server
Vendor: CVE Published:; 2 November 2005

Summary

OpenVPN versions prior to 2.0.4 are susceptible to a denial of service vulnerability when operating in TCP mode. Remote attackers could exploit this flaw to trigger a segmentation fault by inducing the accept function call to return an error status. This situation leads to a null dereference in the exception handling, effectively causing the OpenVPN service to crash and disrupt connectivity for legitimate users. Proper updates to the software are recommended to mitigate this risk.

References

http://secunia.com/advisories/17447

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/17480

third-party-advisoryx_refsource_SECUNIA

http://openvpn.net/changelog.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 2, 2005
Vulnerability Reserved
Nov 1, 2005