Documenting security issues in FreeBSD and the FreeBSD Ports Collection
Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:
Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.
|[by package name]||[by topic]||[by CVE name]||[by entry date]||[by modified date]||[by VuXML ID]|
|2023-11-15||openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak|
|2022-03-17||openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins|
|2021-04-21||openvpn -- deferred authentication can be bypassed in specific circumstances|
|2020-04-16||openvpn -- illegal client float can break VPN session for other users|
|2017-09-27||OpenVPN -- out-of-bounds write in legacy key-method 1|
|2017-06-21||OpenVPN -- several vulnerabilities|
|2017-05-11||OpenVPN -- two remote denial-of-service vulnerabilities|
|2016-05-14||OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing|
|2014-12-02||OpenVPN -- denial of service security vulnerability|
|2013-03-31||OpenVPN -- potential side-channel/timing attack when comparing HMACs|
|2006-04-05||openvpn -- LD_PRELOAD code execution on client through malicious or compromised server|
|2005-11-01||openvpn -- arbitrary code execution on client through malicious or compromised server|
|openvpn -- potential denial-of-service on servers in TCP mode|
|2005-08-19||openvpn -- denial of service: client certificate validation can disconnect unrelated clients|
|openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory|
|openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients|
|openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server|
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.