Multiple vulnerabilities were identified in OpenVPN. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.
Two vulnerabilities have been discovered in OpenVPN. The first involves a division by zero crash, which is less easily exploitable on Access Server due to its default configuration not including the — fragment option and enhanced control channel security. However, under specific circumstances, exploitation is still possible. The second vulnerability is a more serious use after free memory security issue, posing a risk of leaking sensitive information from memory. This vulnerability arises from OpenVPN incorrectly utilizing a freed send buffer, potentially disclosing information to the client peer. The TLS configuration is affected by this vulnerability.
Apply fixes issued by the vendor:
The information provided herein is on an “as is” basis, without warranty of any kind.