FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-21 11:10:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
17a40d76-c3fd-11f0-b513-0da7be77c170	OpenVPN -- HMAC verification on source IP address ineffective Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the server from IP addresses that did not initiate an initial connection. While at it, fix check to only allow [t-2;t] timeslots, disallowing HMACs coming in from a future timeslot. Discovery 2025-10-27 Entry 2025-11-17 openvpn < 2.6.16 openvpn-devel < g20251117,1 CVE-2025-13086 https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83

VuXML ID

Description

17a40d76-c3fd-11f0-b513-0da7be77c170

OpenVPN -- HMAC verification on source IP address ineffective

Arne Schwabe reports:

Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the server from IP addresses that did not initiate an initial connection.

While at it, fix check to only allow [t-2;t] timeslots, disallowing HMACs coming in from a future timeslot.

Discovery 2025-10-27
Entry 2025-11-17
openvpn

< 2.6.16

openvpn-devel

< g20251117,1

CVE-2025-13086
https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83