FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-21 11:10:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
50a0c266-c3ff-11f0-b513-0da7be77c170	OpenVPN -- avoid buffer overread parsing routes or endpoints Mikhail Khachaiants reports: socket: reject mismatched address family in get_addr_generic. Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints. Discovery 2025-10-18 Entry 2025-11-17 openvpn-devel < g20251117,1 CVE-2025-12106 https://github.com/OpenVPN/openvpn/commit/f1b851dae60eb1e277315dfe6265e3a58660b16a
17a40d76-c3fd-11f0-b513-0da7be77c170	OpenVPN -- HMAC verification on source IP address ineffective Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the server from IP addresses that did not initiate an initial connection. While at it, fix check to only allow [t-2;t] timeslots, disallowing HMACs coming in from a future timeslot. Discovery 2025-10-27 Entry 2025-11-17 openvpn < 2.6.16 openvpn-devel < g20251117,1 CVE-2025-13086 https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83

VuXML ID

Description

50a0c266-c3ff-11f0-b513-0da7be77c170

OpenVPN -- avoid buffer overread parsing routes or endpoints

Mikhail Khachaiants reports:

socket: reject mismatched address family in get_addr_generic.

Add a family check to prevent copying address data of the wrong type, which could cause buffer over-read when parsing routes or endpoints.

Discovery 2025-10-18
Entry 2025-11-17
openvpn-devel

< g20251117,1

CVE-2025-12106
https://github.com/OpenVPN/openvpn/commit/f1b851dae60eb1e277315dfe6265e3a58660b16a

17a40d76-c3fd-11f0-b513-0da7be77c170

OpenVPN -- HMAC verification on source IP address ineffective

Arne Schwabe reports:

Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the server from IP addresses that did not initiate an initial connection.

While at it, fix check to only allow [t-2;t] timeslots, disallowing HMACs coming in from a future timeslot.

Discovery 2025-10-27
Entry 2025-11-17
openvpn

< 2.6.16

openvpn-devel

< g20251117,1

CVE-2025-13086
https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83