Bug 1214500 (CVE-2020-20813)

Summary: VUL-0: CVE-2020-20813: openvpn: Control Channel allows remote attackers to cause a denial of service via crafted reset packet.
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Rahul Jain <rahul.jain>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/375957/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-20813:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2023-08-23 07:22:29 UTC
CVE-2020-20813

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a
denial of service via crafted reset packet.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20813
https://www.cve.org/CVERecord?id=CVE-2020-20813
https://www.freebuf.com/vuls/215171.html
Comment 1 Mohd Saquib 2023-08-28 08:31:51 UTC
Hi,
There seems to be very limited information about this CVE. There is no reproducer for this and no information upstream whatsoever. As this version is very old, this might not get a fix.
Should we try and update to a new version which doesn't contain this vulnerability?
Comment 2 Robert Frohl 2023-08-28 11:08:33 UTC
This was part of a bigger wave of CVEs; the only information seems to be the vulnerability report.

Does the upstream project have any additional details about the issue?
Comment 3 Mohd Saquib 2023-08-28 12:31:49 UTC
No, I don't see any other info from the upstream project.