Bug 1186876 - (CVE-2020-36382) VUL-1: CVE-2020-36382: openvpn: OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger a denial of service during the user authentication phase
Status: RESOLVED DUPLICATE of bug 1185279
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P5 - None : Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/301264/
Reported: 2021-06-04 15:35 UTC by Gianluca Gabrielli
Modified: 2021-06-04 15:35 UTC
Found By: Security Response Team

Description Gianluca Gabrielli 2021-06-04 15:35:01 UTC
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an
assert during the user authentication phase via incorrect authentication token
data in an early phase of the user authentication resulting in a denial of
service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36382
https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/
https://openvpn.net/vpn-server-resources/release-notes/
Comment 1 Gianluca Gabrielli 2021-06-04 15:35:22 UTC
This only affects the closed source version of OpenVPN (OpenVPN Access Server). The same vulnerability has been addressed in the open source OpenVPN codebase as CVE-2020-15078 (bsc#1185279).

*** This bug has been marked as a duplicate of bug 1185279 ***