FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-20 15:39:58 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2cad4541-0f5b-11f0-89f8-411aefea0df9	openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2 Gert Doering reports: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients. Discovery 2025-03-26 Entry 2025-04-02 openvpn >= 2.6.1 lt 2.6.14 openvpn-devel < g20250402,1 CVE-2025-2704 https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614

VuXML ID

Description

2cad4541-0f5b-11f0-89f8-411aefea0df9

openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2

Gert Doering reports:

OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets.

To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key

No crypto integrity is violated, no data is leaked, and no remote code execution is possible.

This bug does not affect OpenVPN clients.

Discovery 2025-03-26
Entry 2025-04-02
openvpn

>= 2.6.1 lt 2.6.14

openvpn-devel

< g20250402,1

CVE-2025-2704
https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614