CVE-2020-11810

LOW

OpenVPN 2.4.0-2.4.8 - Denial of Service via Early P_DATA_V2 Packet Injection

Title source: llm
STIX 2.1

Description

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

References (8)

Core 8
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2020-11810
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1169925
Exploit, Vendor Advisory x_refsource_confirm
https://community.openvpn.net/openvpn/ticket/1272
Patch, Vendor Advisory x_refsource_confirm
https://patchwork.openvpn.net/patch/1079/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

Scores

CVSS v3 3.7
EPSS 0.0161
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-362
Status published
Products (6)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 32
openvpn/openvpn 2.4.0 - 2.4.9
Published Apr 27, 2020
Tracked Since Feb 18, 2026