Bug 1186876 (CVE-2020-36382)

Summary: VUL-1: CVE-2020-36382: openvpn: OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger a denial of service during the user authentication phase
Product: [Novell Products] SUSE Security Incidents
Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P5 - None
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/301264/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2021-06-04 15:35:01 UTC
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an
assert during the user authentication phase via incorrect authentication token
data in an early phase of the user authentication resulting in a denial of
service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36382
https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/
https://openvpn.net/vpn-server-resources/release-notes/
Comment 1 Gianluca Gabrielli 2021-06-04 15:35:22 UTC
This only affects the closed source version of OpenVPN (OpenVPN Access Server). The same vulnerability has been addressed in the open source OpenVPN codebase as CVE-2020-15078 (bsc#1185279).

*** This bug has been marked as a duplicate of bug 1185279 ***