Bug 1214500 (CVE-2020-20813) - VUL-0: CVE-2020-20813: openvpn: Control Channel allows remote attackers to cause a denial of service via crafted reset packet.
Summary: VUL-0: CVE-2020-20813: openvpn: Control Channel allows remote attackers to c...
Status: NEW
Alias: CVE-2020-20813
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Rahul Jain
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/375957/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-20813:5.9:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-23 07:22 UTC by Robert Frohl
Modified: 2024-03-26 08:36 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2023-08-23 07:22:29 UTC 
CVE-2020-20813

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a
denial of service via crafted reset packet.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20813
https://www.cve.org/CVERecord?id=CVE-2020-20813
https://www.freebuf.com/vuls/215171.html
Comment 1 Mohd Saquib 2023-08-28 08:31:51 UTC 
Hi,
There seems to be very limited information about this CVE. There is no reproducer for this and no information upstream whatsoever, as this version is very old this might not get a fix.
Should we try and update to a new version which doesn't contain this vulnerability?
Comment 2 Robert Frohl 2023-08-28 11:08:33 UTC 
This was part of a bigger wave of CVEs, the only information seems to be the vulnerability report.

Does upsteam project have any additional details about the issue ?
Comment 3 Mohd Saquib 2023-08-28 12:31:49 UTC 
No I don't see any other info from the upstream project