The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Published: 2013-11-18T02:55:07.530
Last modified: 2025-04-11T00:51:21.963
Status: Deferred
CVSSv2: 2.6 (LOW)
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Exploitability score: 4.9
Impact score: 2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | openvpn | openvpn | ≤ 2.3.0 | Yes |
Application | openvpn | openvpn | 1.2.0 | Yes |
Application | openvpn | openvpn | 1.2.1 | Yes |
Application | openvpn | openvpn | 1.3.0 | Yes |
Application | openvpn | openvpn | 1.3.1 | Yes |
Application | openvpn | openvpn | 1.3.2 | Yes |
Application | openvpn | openvpn | 1.4.0 | Yes |
Application | openvpn | openvpn | 1.4.1 | Yes |
Application | openvpn | openvpn | 1.4.2 | Yes |
Application | openvpn | openvpn | 1.4.3 | Yes |
Application | openvpn | openvpn | 1.5.0 | Yes |
Application | openvpn | openvpn | 1.6.0 | Yes |
Application | openvpn | openvpn | 2.1.0 | Yes |
Application | openvpn | openvpn | 2.2.0 | Yes |
Application | openvpn | openvpn_access_server | 2.0.0 | Yes |
Operating System | opensuse | opensuse | 11.4 | Yes |