CVE-2005-2532
EPSS 1.5%
Description
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
How to fix CVE-2005-2532
To remediate CVE-2005-2532, upgrade the affected package to a fixed version below.
- Debian/openvpn: upgrade to 2.0.2-1 or later
Is CVE-2005-2532 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/openvpn: from 0, < 2.0.2-1