2357035 – (CVE-2025-2704) CVE-2025-2704 openvpn: OpenVPN in a server role with tls-crypt-v2 enabled can reach an assertion failed state when receiving specially crafted packets

Bug 2357035 (CVE-2025-2704) - CVE-2025-2704 openvpn: OpenVPN in a server role with tls-crypt-v2 enabled can reach an assertion failed state when receiving specially crafted packets

Summary: CVE-2025-2704 openvpn: OpenVPN in a server role with tls-crypt-v2 enabled can...

Keywords:
Status:	NEW
Alias:	CVE-2025-2704
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2357052 2357053
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-02 22:01 UTC by OSIDB Bzimport
Modified:	2025-04-02 23:11 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-02 22:01:26 UTC

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

Note You need to log in before you can comment on or make changes to this bug.